Windows Analysis Report
SecuriteInfo.com.FileRepMalware.32346.10249.exe

Overview

General Information

Sample name:SecuriteInfo.com.FileRepMalware.32346.10249.exe
Analysis ID:1432402
MD5:ff57493246d69a959b3edce7d4d43e36
SHA1:759ba6811c4d8a891a42523f5d8a6cb2fb14ea17
SHA256:9c759b30dc3b3f36e739f7549b21112329686673e3673a697cb3d41cb13a3962
Tags:exe
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Python Keylogger
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Communication To Uncommon Destination Ports
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source: Process Memory Space: SecuriteInfo.com.FileRepMalware.32346.10249.exe PID: 6352
Rule: JoeSecurity_PythonKeylogger
Description: Yara detected Python Keylogger
Author: Joe Security
Strings:
    Source: Network Connection, Author: Florian Roth (Nextron Systems), Data: DestinationIp: 129.154.46.185, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe, Initiated: true, ProcessId: 6352, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49706
    No Snort rule has matched

    AV Detection

    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, ReversingLabs: Detection: 18%
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162B200 CRYPTO_clear_free,2_2_00007FF8A162B200
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621997 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FF8A1621997
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A166D2F0 RAND_bytes_ex,CRYPTO_malloc,memset,2_2_00007FF8A166D2F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162D2E1 CRYPTO_free,2_2_00007FF8A162D2E1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16712E0 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,2_2_00007FF8A16712E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162230B ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,2_2_00007FF8A162230B
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16652A0 CRYPTO_free,2_2_00007FF8A16652A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A168D170 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,2_2_00007FF8A168D170
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162D140 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A162D140
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1681126 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A1681126
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162111D CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,2_2_00007FF8A162111D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16220EF CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A16220EF
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A162193D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FF8A1621023
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1653460 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A1653460
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1683420 ERR_new,ERR_set_debug,X509_get0_pubkey,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,EVP_PKEY_encrypt_init,RAND_bytes_ex,EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,2_2_00007FF8A1683420
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16314E0 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8A16314E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A166F490 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A166F490
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1641494 BIO_ctrl,CRYPTO_get_ex_data,CRYPTO_get_ex_data,2_2_00007FF8A1641494
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1669370 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A1669370
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16211BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FF8A16211BD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621ACD ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FF8A1621ACD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162144C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,2_2_00007FF8A162144C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621ED8 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A1621ED8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,2_2_00007FF8A1621992
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A167F660 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A167F660
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621646 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,2_2_00007FF8A1621646
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162176C CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,2_2_00007FF8A162176C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1622522 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A1622522
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1695540 CRYPTO_memcmp,2_2_00007FF8A1695540
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162F540 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,2_2_00007FF8A162F540
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16212CB CRYPTO_THREAD_run_once,2_2_00007FF8A16212CB
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16635E0 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,2_2_00007FF8A16635E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162586A BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,2_2_00007FF8A162586A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1645870 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A1645870
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1689850 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A1689850
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621846 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,OPENSSL_sk_num,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,2_2_00007FF8A1621846
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162162C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,2_2_00007FF8A162162C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1697820 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_new,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A1697820
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16211DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FF8A16211DB
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16219E7 CRYPTO_free,2_2_00007FF8A16219E7
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621B31 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A1621B31
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A167F8F0 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8A167F8F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1622590 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8A1622590
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,2_2_00007FF8A1621B18
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16838A0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,2_2_00007FF8A16838A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162108C ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A162108C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1677770 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A1677770
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A164D750 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FF8A164D750
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1637730 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8A1637730
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,2_2_00007FF8A1621087
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16225D6 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FF8A16225D6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162F7F0 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FF8A162F7F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16397B0 CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A16397B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1699790 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,2_2_00007FF8A1699790
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621582 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FF8A1621582
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1677A40 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A1677A40
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1643A44 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_set_ex_data,CRYPTO_set_ex_data,2_2_00007FF8A1643A44
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162271B CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A162271B
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1635A10 OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FF8A1635A10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621A16 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A1621A16
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A166DAF0 CRYPTO_free,2_2_00007FF8A166DAF0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1645AE0 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A1645AE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16223EC CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FF8A16223EC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16213D9 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,2_2_00007FF8A16213D9
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621C53 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FF8A1621C53
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621D84 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A1621D84
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16459F0 CRYPTO_free,CRYPTO_free,2_2_00007FF8A16459F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162204A CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A162204A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1637980 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,2_2_00007FF8A1637980
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162107D CRYPTO_free,2_2_00007FF8A162107D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1625C53 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,2_2_00007FF8A1625C53
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,2_2_00007FF8A1621361
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,2_2_00007FF8A162150F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,2_2_00007FF8A1621CEE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1645CF0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A1645CF0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16219DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A16219DD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1677CD0 CRYPTO_memcmp,2_2_00007FF8A1677CD0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621F37 CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FF8A1621F37
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A164DCC4 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,CRYPTO_set_ex_data,CRYPTO_set_ex_data,2_2_00007FF8A164DCC4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A168BB70 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A168BB70
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A166DB60 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A166DB60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1633B30 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8A1633B30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1635B10 COMP_zlib,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FF8A1635B10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1685B10 EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A1685B10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162267B CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A162267B
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16223E7 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A16223E7
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162222A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FF8A162222A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1641E60 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,2_2_00007FF8A1641E60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16216A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A16216A4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162DEC0 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A162DEC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A163BEC0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A163BEC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1623EB0 CRYPTO_free,2_2_00007FF8A1623EB0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16224E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A16224E6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1625E80 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,2_2_00007FF8A1625E80
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A1621CBC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1683D30 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FF8A1683D30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621F50 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A1621F50
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621CE9 memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A1621CE9
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16215E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A16215E6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1635D80 CRYPTO_THREAD_run_once,2_2_00007FF8A1635D80
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A166E040 CRYPTO_free,2_2_00007FF8A166E040
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1654000 CRYPTO_realloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A1654000
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16224C8 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,2_2_00007FF8A16224C8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16226DF BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,2_2_00007FF8A16226DF
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A166E0C1 CRYPTO_free,CRYPTO_free,2_2_00007FF8A166E0C1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621893 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,2_2_00007FF8A1621893
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A16780A0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A16780A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A1621AB4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1691F70 CRYPTO_memcmp,2_2_00007FF8A1691F70
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621EDD CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A1621EDD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1622027 CRYPTO_free,2_2_00007FF8A1622027
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621AC3 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A1621AC3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162236F CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A162236F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1699F10 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A1699F10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162103C CRYPTO_malloc,COMP_expand_block,2_2_00007FF8A162103C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A162DFB2 ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,2_2_00007FF8A162DFB2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1621D8E EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FF8A1621D8E
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.6\cmake-build\lib\python3\Release\cv2.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A5590000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157639234.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3332575367.00007FF8A160F000.00000002.00000001.01000000.0000002C.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3343528600.00007FF8A6431000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32pdh.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158099384.00000288841A7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065194562.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\_win32sysloader.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157914959.00000288841A7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2063908723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3343528600.00007FF8A6399000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2063908723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3343528600.00007FF8A6431000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065117305.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064128093.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157176729.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
    Source: Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.6\cmake-build\lib\python3\Release\cv2.pdb, source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A5590000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064858135.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065002366.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064236941.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065284761.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065002366.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064354723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" OpenSSL 3.0.13 30 Jan 2024 3.0.13 built on: Mon Feb 5 17:39:09 2024 UTC platform: VC-WIN64A-masm OPENSSLDIR: "C:\Program Files\Common Files\SSL" ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3" MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32trace.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158168865.00000288841A7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065368884.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150357406.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325639993.00000273142E0000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064128093.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2E842C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF60F2E842C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2F24C4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF60F2F24C4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2D8AF0 FindFirstFileExW,FindClose,0_2_00007FF60F2D8AF0
    Source: global traffic TCP traffic: 192.168.2.5:49706 -> 129.154.46.185:8080
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: vyapar.vaisworks.com
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331231360.000002731C568000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://arxiv.org/abs/1805.10941.
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065486885.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2116066609.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065368884.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2114826691.00000288841B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2114826691.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157639234.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064487740.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064354723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150357406.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064236941.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150946283.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065194562.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065117305.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 
00000000.00000003.2150232072.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064672754.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065284761.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157176729.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065002366.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064858135.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2115923612.00000288841A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065486885.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2116066609.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065368884.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2114826691.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157639234.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064487740.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064354723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150357406.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064236941.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150946283.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065194562.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065117305.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150232072.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 
00000000.00000003.2064672754.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065284761.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157176729.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065002366.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064858135.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2115923612.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065486885.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2116066609.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065368884.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2114826691.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157639234.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064487740.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064354723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150357406.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064236941.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150946283.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065194562.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065117305.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150232072.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 
00000000.00000003.2064672754.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065284761.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157176729.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065002366.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064858135.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2115923612.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065486885.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2116066609.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065368884.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2114826691.00000288841B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2114826691.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157639234.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064487740.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064354723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150357406.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064236941.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150946283.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065194562.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065117305.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 
00000000.00000003.2150232072.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064672754.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065284761.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157176729.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065002366.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064858135.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2115923612.00000288841A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmp String found in binary or memory: http://caffe.berkeleyvision.org
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmp String found in binary or memory: http://caffe.berkeleyvision.org/)
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmp String found in binary or memory: http://campar.in.tum.de/Chair/HandEyeCalibration).
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmp String found in binary or memory: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.131.6394
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065486885.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2116066609.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065368884.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2114826691.00000288841B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2114826691.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157639234.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064487740.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064354723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150357406.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064236941.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150946283.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065194562.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065117305.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inference.org.uk/mackay/itila/
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: http://www.ipol.im/pub/algo/bcm_non_local_means_denoising/
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2147172190.00000288841A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/JUMP/
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3330824171.000002731C140000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2170728305.000002731B702000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2170728305.000002731B6F4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171020516.000002731B65D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.phpFN
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2147799576.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcg-random.org/
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2149317763.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314966000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcg-random.org/posts/random-invertible-mapping-statistics.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314F35000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.scipy.org/not/real/data.txt
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314F35000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xyz.edu/data
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329689476.000002731B5E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://arxiv.org/abs/1704.04503
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326343956.0000027314D00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://data-apis.org/array-api/latest/design_topics/data_interchange.html#syntax-for-data-interchan
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326343956.0000027314D00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dmlc.github.io/dlpack/latest/python_spec.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314DC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2164505291.00000273148A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331315517.000002731C660000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B908000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314EC1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/library/string.html#format-specification-mini-language
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331315517.000002731C660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.scipy.org/doc/numpy/reference/arrays.interface.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314F35000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314EC1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.scipy.org/doc/numpy/user/basics.io.genfromtxt.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329145657.000002731B200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.scipy.org/doc/numpy/user/numpy-for-matlab-users.html).
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3330754170.000002731C040000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/imneme/540829265469e673d045
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B6BF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331315517.000002731C660000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331231360.000002731C568000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3330824171.000002731C140000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/BoboTiG/python-mss
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/NVIDIA/caffe.
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B892000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325794789.00000273144C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E2D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314DC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166165900.0000027314DE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165712612.0000027314DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/arogozhnikov/einops
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3330754170.000002731C040000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E2D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314DC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166165900.0000027314DE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165712612.0000027314DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/joblib/threadpoolctl
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157914959.00000288841B4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2063620427.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158168865.00000288841B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157998428.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157074052.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2156862445.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158168865.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158099384.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157914959.00000288841A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mhammond/pywin32
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329279059.000002731B300000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/numpy/numpy/issues/4763
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2066750460.00000288841A5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165034690.0000027314D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/18502)
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/19634
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/19634cv::mjpeg::MjpegEncoder::MjpegEncodercv::mjpeg::MotionJ
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/20833
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/20833.
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/20833DNN/OpenCL:
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/21326
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/5412.
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/6293
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/6293u-
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/openvinotoolkit/open_model_zoo/blob/master/models/public/yolo-v2-tiny-tf/yolo-v2-
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2170935664.00000273149AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314966000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pydata/bottleneck
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165693700.00000273149E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314928000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.7/Objects/listsort.txt
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325722715.00000273143C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325794789.00000273144C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325794789.00000273144C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2164438802.0000027314D50000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2164505291.0000027314966000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2164919429.0000027314D46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2066750460.00000288841A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/pull/12302
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325794789.00000273144C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://github.com/torch/nn/blob/master/doc/module.md
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3330754170.000002731C040000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331067287.000002731C460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314966000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329689476.000002731B500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329689476.000002731B500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314966000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B908000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B6BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331315517.000002731C660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326343956.0000027314D00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipython.org
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B6BF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166081374.0000027314F3A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165961578.0000027314EF0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166081374.0000027314EFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://metacpan.org/pod/distribution/Math-Cephes/lib/Math/Cephes.pod#i0:-Modified-Bessel-function-o
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326343956.0000027314D00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/devdocs/release/1.20.0-notes.html#deprecations
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/devdocs/release/1.20.0-notes.html#deprecationsS
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/devdocs/release/1.20.0-notes.html#deprecationsl
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/devdocs/release/1.20.0-notes.html#deprecationsng
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3328956767.000002731B100000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/devdocs/release/1.25.0-notes.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2144338859.00000288841A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/devdocs/user/troubleshooting-importerror.html#c-api-incompatibility
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329279059.000002731B300000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/doc/stable/reference/random/index.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2108420520.00000288841AA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2108420520.00000288841A8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/doc/stable/user/basics.subclassing.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E2D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314DC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166165900.0000027314DE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165712612.0000027314DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://numpy.org/neps/nep-0013-ufunc-overrides.html
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://onnx.ai/
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://onnx.ai/)

    Key, Mouse, Clipboard, Microphone and Screen Capturing

    Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.FileRepMalware.32346.10249.exe PID: 6352, type: MEMORYSTR
    Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: opencv_videoio_ffmpeg460_64.dll.0.drStatic PE information: Number of sections : 13 > 10
    Source: cv2.pyd.0.drStatic PE information: Number of sections : 11 > 10
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: Number of sections : 19 > 10
    Source: python3.dll.0.drStatic PE information: No import functions for PE file found
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065486885.00000288841A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157914959.00000288841B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2116066609.00000288841A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065368884.00000288841A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2063908723.00000288841A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2063620427.00000288841A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.pyd0 vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158168865.00000288841B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157998428.00000288841A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157074052.00000288841A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes312.dll0 vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2156862445.00000288841A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom312.dll0 vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158168865.00000288841A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157639234.00000288841A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064487740.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064354723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150357406.00000288841A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064236941.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065194562.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065117305.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150232072.00000288841A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064128093.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064672754.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065284761.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157176729.00000288841A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065002366.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158099384.00000288841A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32pdh.pyd0 vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064858135.00000288841A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157914959.00000288841A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_win32sysloader.pyd0 vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: OriginalFilenamelibsslH vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3332785685.00007FF8A1614000.00000002.00000001.01000000.0000002C.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3343748181.00007FF8A64DA000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325639993.00000273142E0000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: classification engine Classification label: mal56.spyw.winEXE@3/64@1/1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Code function: 0_2_00007FF60F2D8560 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF60F2D8560
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Caption FROM Win32_Processor
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe ReversingLabs: Detection: 18%
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
    Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: vcruntime140.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: libffi-8.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: vcruntime140_1.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: libcrypto-3.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: mfplat.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: mf.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: mfreadwrite.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: dxgi.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: d3d11.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: mfcore.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: powrprof.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: ksuser.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: rtworkq.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: umpdc.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: libssl-3.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: pdh.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: wtsapi32.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: amsi.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: secur32.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: sxs.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: Image base 0x140000000 > 0x60000000
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static file information: File size 61059752 > 1048576
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.6\cmake-build\lib\python3\Release\cv2.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A5590000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157639234.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3332575367.00007FF8A160F000.00000002.00000001.01000000.0000002C.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3343528600.00007FF8A6431000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32pdh.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158099384.00000288841A7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065194562.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\_win32sysloader.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157914959.00000288841A7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2063908723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3343528600.00007FF8A6399000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2063908723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3343528600.00007FF8A6431000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065117305.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064128093.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2157176729.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
    Source: Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.6\cmake-build\lib\python3\Release\cv2.pdb, source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A5590000.00000002.00000001.01000000.0000001F.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064858135.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065002366.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064236941.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065284761.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065002366.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064354723.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32trace.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2158168865.00000288841A7000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065368884.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2065612916.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2150357406.00000288841A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325639993.00000273142E0000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2064128093.00000288841A5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: VCRUNTIME140_1.dll.0.dr Static PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe Static PE information: section name: _RDATA
    Source: python312.dll.0.dr Static PE information: section name: PyRuntim
    Source: mfc140u.dll.0.dr Static PE information: section name: .didat
    Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
    Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
    Source: opencv_videoio_ffmpeg460_64.dll.0.dr Static PE information: section name: .rodata
    Source: opencv_videoio_ffmpeg460_64.dll.0.dr Static PE information: section name: .xdata
    Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
    Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: section name: .xdata
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: section name: /4
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: section name: /19
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: section name: /31
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: section name: /45
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: section name: /57
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: section name: /70
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: section name: /81
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: section name: /92
    Source: cv2.pyd.0.dr Static PE information: section name: IPPCODE
    Source: cv2.pyd.0.dr Static PE information: section name: IPPDATA
    Source: cv2.pyd.0.dr Static PE information: section name: _RDATA
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Code function: 2_2_00007FF8A1644021 push rcx; ret 2_2_00007FF8A1644022
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\bit_generator.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\unicodedata.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\win32\win32pdh.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\libffi-8.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_sfc64.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_generator.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\win32\_win32sysloader.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_decimal.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\select.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_wmi.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\opencv_videoio_ffmpeg460_64.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_asyncio.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\pyexpat.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\mtrand.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\cv2.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_ssl.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\python3.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\win32\win32trace.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core\_multiarray_umath.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_bounded_integers.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_overlapped.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin\mfc140u.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core\_multiarray_tests.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_philox.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\libcrypto-3.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_lzma.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_pcg64.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_queue.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\VCRUNTIME140.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\psutil\_psutil_windows.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\libssl-3.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\VCRUNTIME140_1.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_mt19937.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin\win32ui.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_multiprocessing.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\charset_normalizer\md.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\win32\win32api.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\python312.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_socket.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_ctypes.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\fft\_pocketfft_internal.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_bz2.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\pywin32_system32\pywintypes312.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_common.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\_hashlib.pyd
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe File created: C:\Users\user\AppData\Local\Temp\_MEI67762\pywin32_system32\pythoncom312.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2D6EF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF60F2D6EF0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\bit_generator.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_pcg64.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\win32\win32pdh.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_sfc64.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_generator.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\win32\_win32sysloader.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\opencv_videoio_ffmpeg460_64.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_wmi.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_asyncio.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\cv2.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\mtrand.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_mt19937.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin\win32ui.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\win32\win32trace.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\python312.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\fft\_pocketfft_internal.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\pywin32_system32\pywintypes312.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_common.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core\_multiarray_umath.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_bounded_integers.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\linalg\_umath_linalg.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin\mfc140u.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core\_multiarray_tests.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_philox.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\pywin32_system32\pythoncom312.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67762\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17266
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Caption FROM Win32_Processor
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2E842C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF60F2E842C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2F24C4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF60F2F24C4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2D8AF0 FindFirstFileExW,FindClose,0_2_00007FF60F2D8AF0
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2066351420.00000288841A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
    Source: SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325794789.000002731451A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWs
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2DC6AC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF60F2DC6AC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2F40D0 GetProcessHeap,0_2_00007FF60F2F40D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2DC88C SetUnhandledExceptionFilter,0_2_00007FF60F2DC88C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2DBE20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF60F2DBE20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2EB1B8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF60F2EB1B8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1503054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A1503054
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1502A9C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A1502A9C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 2_2_00007FF8A1622126 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A1622126
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe"Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeCode function: 0_2_00007FF60F2FA420 cpuid 0_2_00007FF60F2FA420
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\misc VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\_ctypes.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762 VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\__init__.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core\_multiarray_umath.cp312-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\win32 VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\pywin32_system32 VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core\_multiarray_tests.cp312-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\linalg VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\_wmi.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\fft VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\fft\_pocketfft_internal.cp312-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\mtrand.cp312-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_common.cp312-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762 VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\win32 VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\_hashlib.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_bounded_integers.cp312-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_pcg64.cp312-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_sfc64.cp312-win_amd64.pyd VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2 VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\load_config_py3.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\config.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\config-3.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\version.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\data\__init__.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\gapi\__init__.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\mat_wrapper\__init__.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\misc\__init__.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\misc VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\misc\version.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\utils\__init__.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\psutil VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\base_library.zip VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.12\__init__.py VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.12\dicts.dat VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67762\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe | Code function: 0_2_00007FF60F2DC590 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF60F2DC590
    Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe | Code function: 0_2_00007FF60F2F6950 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF60F2F6950
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
    | Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
    | Source | Detection | Scanner | Label | Link |
    | --- | --- | --- | --- | --- |
    | SecuriteInfo.com.FileRepMalware.32346.10249.exe | 18% | ReversingLabs | Win64.Trojan.Acll | |
    | Source | Detection | Scanner | Label | Link |
    | --- | --- | --- | --- | --- |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin\mfc140u.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin\win32ui.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\VCRUNTIME140.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\VCRUNTIME140_1.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_asyncio.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_bz2.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_ctypes.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_decimal.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_hashlib.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_lzma.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_multiprocessing.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_overlapped.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_queue.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_socket.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_ssl.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\_wmi.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\charset_normalizer\md.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\charset_normalizer\md__mypyc.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\cv2.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\mat_wrapper\__init__.py | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\misc\__init__.py | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\opencv_videoio_ffmpeg460_64.dll | 5% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\cv2\utils\__init__.py | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\libcrypto-3.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\libffi-8.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\libssl-3.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core\_multiarray_tests.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\core\_multiarray_umath.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\fft\_pocketfft_internal.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_bounded_integers.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_common.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_generator.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_mt19937.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_pcg64.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_philox.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\_sfc64.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\bit_generator.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\numpy\random\mtrand.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\psutil\_psutil_windows.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\pyexpat.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\python3.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\python312.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\pywin32_system32\pythoncom312.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\pywin32_system32\pywintypes312.dll | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\select.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\unicodedata.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\win32\_win32sysloader.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\win32\win32api.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\win32\win32pdh.pyd | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Local\Temp\_MEI67762\win32\win32trace.pyd | 0% | ReversingLabs | | |
    No Antivirus matches
    No Antivirus matches
    | Source | Detection | Scanner | Label | Link |
    | --- | --- | --- | --- | --- |
    | https://foss.heptapod.net/pypy/pypy/-/issues/3539 | 0% | URL Reputation | safe | |
    | http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.html | 0% | Avira URL Cloud | safe | |
    | http://www.dai.ed.ac.uk/CVonline/LOCAL_COPIES/MANDUCHI1/Bilateral_Filtering.html | 0% | Avira URL Cloud | safe | |
    | https://dmlc.github.io/dlpack/latest/python_spec.html | 0% | Avira URL Cloud | safe | |
    | http://homepages.inf.ed.ac.uk/rbf/HIPR2/hough.htm | 0% | Avira URL Cloud | safe | |
    | https://onnx.ai/ | 0% | Avira URL Cloud | safe | |
    | http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/JUMP/ | 0% | Avira URL Cloud | safe | |
    | https://onnx.ai/) | 0% | Avira URL Cloud | safe | |
    | http://.../back.jpeg | 0% | Avira URL Cloud | safe | |
    | https://mahler:8092/site-updates.py | 0% | Avira URL Cloud | safe | |
    | http://www.inference.org.uk/mackay/itila/ | 0% | Avira URL Cloud | safe | |
    | http://www.xyz.edu/data | 0% | Avira URL Cloud | safe | |
    | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
    | --- | --- | --- | --- | --- | --- |
    | vyapar.vaisworks.com | 129.154.46.185 | true | false | | unknown |
    | Name | Source | Malicious | Antivirus Detection | Reputation |
                                                                                                      high
                                                                                                      http://mail.python.org/pipermail/python-dev/2012-June/120787.html.SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171266168.000002731B644000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3330754170.000002731C040000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://httpbin.org/SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314966000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.ams.org/journals/mcom/1988-51-184/SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166081374.0000027314F3A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314EC1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165961578.0000027314EA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://numpy.org/doc/stable/reference/random/index.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329279059.000002731B300000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314FD3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://metacpan.org/pod/distribution/Math-Cephes/lib/Math/Cephes.pod#i0:-Modified-Bessel-function-oSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166081374.0000027314F3A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165961578.0000027314EF0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166081374.0000027314EFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://campar.in.tum.de/Chair/HandEyeCalibration).SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                  high
                                                                                                                  https://github.com/numpy/numpy/issues/4763SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329279059.000002731B300000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B6BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sySecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325794789.00000273144C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://web.archive.org/web/20090423014010/http://www.brighton-webs.co.uk:80/distributions/wald.aspSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314FD3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://mathworld.wolfram.com/CauchyDistribution.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314FD3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://mathworld.wolfram.com/HypergeometricDistribution.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://docs.python.org/3/library/multiprocessing.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2164505291.00000273148A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://mathworld.wolfram.com/PoissonDistribution.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314FD3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://mathworld.wolfram.com/SincFunction.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166081374.0000027314F3A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165961578.0000027314EF0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166081374.0000027314EFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://wwwsearch.sf.net/):SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329689476.000002731B5E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://tools.ietf.org/html/rfc6125#section-6.4.3SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331067287.000002731C538000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329689476.000002731B5D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://homepages.inf.ed.ac.uk/rbf/HIPR2/hough.htmSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://github.com/NVIDIA/caffe.SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://github.com/python/cpython/pull/12302SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000000.00000003.2066750460.00000288841A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://onnx.ai/SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            https://software.intel.com/openvino-toolkit)SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://google.com/mailSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://caffe.berkeleyvision.orgSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pySecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325794789.00000273144C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://web.archive.org/web/20080221202153/https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdfSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314FD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314FD3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://github.com/opencv/opencv/issues/19634SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://foss.heptapod.net/pypy/pypy/-/issues/3539SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3330754170.000002731C040000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://google.com/SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329689476.000002731B5E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://mahler:8092/site-updates.pySecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B6BF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            low
                                                                                                                                                            http://www.inference.org.uk/mackay/itila/SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://mathworld.wolfram.com/BinomialDistribution.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3336424543.00007FF8A4DF4000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://numpy.org/devdocs/release/1.20.0-notes.html#deprecationslSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314FB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://numpy.org/neps/nep-0013-ufunc-overrides.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E2D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314DC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166165900.0000027314DE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165712612.0000027314DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://.../back.jpegSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331231360.000002731C568000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    low
                                                                                                                                                                    https://optimized-einsum.readthedocs.io/en/stable/SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E2D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314DC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166165900.0000027314DE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165712612.0000027314DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://tools.ietf.org/html/rfc7231#section-4.3.6)SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329689476.000002731B500000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.python.org/download/releases/2.3/mro/.SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325722715.00000273143C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://httpbin.org/postSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B6BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://scipy-cookbook.readthedocs.io/items/Ctypes.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2168085273.000002731503A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325794789.000002731451A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://github.com/Ousret/charset_normalizerSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3329828418.000002731B892000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://www.mathworks.com/help/techdoc/ref/rank.htmlSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171283040.0000027314E2D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314DC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2166165900.0000027314DE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165636474.0000027314E82000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165636474.0000027314ED8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2165712612.0000027314DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://github.com/urllib3/urllib3/issues/2920SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3331067287.000002731C460000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://yahoo.com/SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3325977659.0000027314800000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://www.xyz.edu/dataSecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2171071841.0000027314F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000003.2167041130.0000027314F35000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.32346.10249.exe, 00000002.00000002.3326401137.0000027314E97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      unknown
IP:129.154.46.185
Domain:vyapar.vaisworks.com
Country:United States
ASN:7160
ASN Name:NETDYNAMICSUS
Malicious:false
                                                                                                                                                                                      Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                      Analysis ID:1432402
                                                                                                                                                                                      Start date and time:2024-04-27 00:51:12 +02:00
                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                      Overall analysis duration:0h 8m 35s
                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                      Report type:full
                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:5
                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                      Technologies:
                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                      Sample name:SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                      Classification:mal56.spyw.winEXE@3/64@1/1
                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                      • Successful, ratio: 50%
                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                      • Successful, ratio: 84%
                                                                                                                                                                                      • Number of executed functions: 37
                                                                                                                                                                                      • Number of non-executed functions: 320
                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target SecuriteInfo.com.FileRepMalware.32346.10249.exe, PID 6352 because there are no executed functions
                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                      • VT rate limit hit for: SecuriteInfo.com.FileRepMalware.32346.10249.exe
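Match:C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin\mfc140u.dll
• Associated Sample Name / URL: https://c51k11nyj56k.pettisville.sbs/lander/FileRotator_ID428/download.php; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: SecuriteInfo.com.Python.Stealer.1437.14994.32063.exe; Detection: malicious; Threat Name: Python Stealer
• Associated Sample Name / URL: purchaseorder3.exe; Detection: malicious; Threat Name: Python Stealer
• Associated Sample Name / URL: purchaseorder3.exe; Detection: malicious; Threat Name: Python Stealer
• Associated Sample Name / URL: SecuriteInfo.com.Win64.Malware-gen.26781.23689.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: qk9TaBBxh8.exe; Detection: malicious; Threat Name: LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader
• Associated Sample Name / URL: purchaseorder4.exe; Detection: malicious; Threat Name: Python Stealer
• Associated Sample Name / URL: Sp#U251c#U0434ti.exe; Detection: malicious; Threat Name: DanaBot
• Associated Sample Name / URL: Sp#U251c#U0434ti.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: xSO7sbN2j6.exe; Detection: malicious; Threat Name: Unknown
Match:C:\Users\user\AppData\Local\Temp\_MEI67762\Pythonwin\win32ui.pyd
• Associated Sample Name / URL: r0gv5UI76Q.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: SecuriteInfo.com.Win64.Evo-gen.32605.13708.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: SecuriteInfo.com.FileRepMalware.20476.21704.exe; Detection: malicious; Threat Name: Unknown
• Associated Sample Name / URL: DruloMF_Rebrand.exe; Detection: malicious; Threat Name: Python Stealer
• Associated Sample Name / URL: DruloMF_Rebrand.exe; Detection: malicious; Threat Name: Python Stealer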
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):5653424
                                                                                                                                                                                                                    Entropy (8bit):6.729277267882055
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:EuEsNcEc8/CK4b11P5ViH8gw0+NVQD5stWIlE7lva8iposS9j5fzSQzs7ID+AVuS:EnL8+5fiEnQFLOAkGkzdnEVomFHKnPS
                                                                                                                                                                                                                    MD5:03A161718F1D5E41897236D48C91AE3C
                                                                                                                                                                                                                    SHA1:32B10EB46BAFB9F81A402CB7EFF4767418956BD4
                                                                                                                                                                                                                    SHA-256:E06C4BD078F4690AA8874A3DEB38E802B2A16CCB602A7EDC2E077E98C05B5807
                                                                                                                                                                                                                    SHA-512:7ABCC90E845B43D264EE18C9565C7D0CBB383BFD72B9CEBB198BA60C4A46F56DA5480DA51C90FF82957AD4C84A4799FA3EB0CEDFFAA6195F1315B3FF3DA1BE47
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Joe Sandbox View:
• Filename: , Detection: malicious
• Filename: SecuriteInfo.com.Python.Stealer.1437.14994.32063.exe, Detection: malicious
• Filename: purchaseorder3.exe, Detection: malicious
• Filename: purchaseorder3.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win64.Malware-gen.26781.23689.exe, Detection: malicious
• Filename: qk9TaBBxh8.exe, Detection: malicious
• Filename: purchaseorder4.exe, Detection: malicious
• Filename: Sp#U251c#U0434ti.exe, Detection: malicious
• Filename: Sp#U251c#U0434ti.exe, Detection: malicious
• Filename: xSO7sbN2j6.exe, Detection: malicious
                                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1143296
                                                                                                                                                                                                                    Entropy (8bit):6.04321542540882
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:DQWktPIBhxB0RsErMzOFvYREzZMi2aNj5ppbRSogazu:DQWoihT0F9YRYfjnp44
                                                                                                                                                                                                                    MD5:D335339C3508604925016C1F3EE0600D
                                                                                                                                                                                                                    SHA1:2AAA7BA6171E4887D942D03010D7D1B1B94257E4
                                                                                                                                                                                                                    SHA-256:8B992A0333990A255C6DF4395AE2E4153300596D75C7FBD17780214FB359B6A7
                                                                                                                                                                                                                    SHA-512:AC6AB6054A93261E6547C58EE7BA191129A0B87D86C6D15DA34FEDF90764949DAF5C1AE39AA06503487D420F6867DF796E3F1D75F16E246712E0E53E40552D13
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Joe Sandbox View:
• Filename: r0gv5UI76Q.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win64.Evo-gen.32605.13708.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.20476.21704.exe, Detection: malicious
• Filename: DruloMF_Rebrand.exe, Detection: malicious
• Filename: DruloMF_Rebrand.exe, Detection: malicious
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):119192
                                                                                                                                                                                                                    Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                    MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                    SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                    SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                    SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):49528
                                                                                                                                                                                                                    Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                    MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                    SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                    SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                    SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):71448
                                                                                                                                                                                                                    Entropy (8bit):6.244392352614308
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:l7YaUr1ArXgA0dfKC0TIL1nOBC3QHVIjOn+7SyZx7:l7YaU1Arp0NKC0TIL1nKyYVIjOn+p
                                                                                                                                                                                                                    MD5:28D2A0405BE6DE3D168F28109030130C
                                                                                                                                                                                                                    SHA1:7151ECCBD204B7503F34088A279D654CFE2260C9
                                                                                                                                                                                                                    SHA-256:2DFCAEC25DE17BE21F91456256219578EAE9A7AEC5D21385DEC53D0840CF0B8D
                                                                                                                                                                                                                    SHA-512:B87F406F2556FAC713967E5AE24729E827F2112C318E73FE8BA28946FD6161802DE629780FAD7A3303CF3DBAB7999B15B535F174C85B3CBB7BB3C67915F3B8D0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):85272
                                                                                                                                                                                                                    Entropy (8bit):6.581027304618609
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:Va1z78QpNWk5qkCFM7Q4SPogYzR8WkiHH9IjCVz7SyqxJ:Va1zg5kWFqQ4Xz+Wkq9IjCVze
                                                                                                                                                                                                                    MD5:223FD6748CAE86E8C2D5618085C768AC
                                                                                                                                                                                                                    SHA1:DCB589F2265728FE97156814CBE6FF3303CD05D3
                                                                                                                                                                                                                    SHA-256:F81DC49EAC5ECC528E628175ADD2FF6BDA695A93EA76671D7187155AA6326ABB
                                                                                                                                                                                                                    SHA-512:9C22C178417B82E68F71E5B7FE7C0C0A77184EE12BD0DC049373EACE7FA66C89458164D124A9167AE760FF9D384B78CA91001E5C151A51AD80C824066B8ECCE6
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):125208
                                                                                                                                                                                                                    Entropy (8bit):6.122025398643493
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:pmHf1MbO+o9/RZYMf/E2ZzKIyPFzqprhIjLPs6U:0uO+4/nLf/ET9qprGU
                                                                                                                                                                                                                    MD5:BBD5533FC875A4A075097A7C6ABA865E
                                                                                                                                                                                                                    SHA1:AB91E62C6D02D211A1C0683CB6C5B0BDD17CBF00
                                                                                                                                                                                                                    SHA-256:BE9828A877E412B48D75ADDC4553D2D2A60AE762A3551F9731B50CAE7D65B570
                                                                                                                                                                                                                    SHA-512:23EF351941F459DEE7ED2CEBBAE21969E97B61C0D877CFE15E401C36369D2A2491CA886BE789B1A0C5066D6A8835FD06DB28B5B28FB6E9DF84C2D0B0D8E9850E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):251672
                                                                                                                                                                                                                    Entropy (8bit):6.565757128183933
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:1pR/rTVB5s99Rvft6yrsIzepnbux9qWM53pLW1Ad+ppp39PPPF8Sstvt:djLyvftDFzZUTK8SUvt
                                                                                                                                                                                                                    MD5:3055EDF761508190B576E9BF904003AA
                                                                                                                                                                                                                    SHA1:F0DC8D882B5CD7955CC6DFC8F9834F70A83C7890
                                                                                                                                                                                                                    SHA-256:E4104E47399D3F635A14D649F61250E9FD37F7E65C81FFE11F099923F8532577
                                                                                                                                                                                                                    SHA-512:87538FE20BD2C1150A8FEFD0478FFD32E2A9C59D22290464BF5DFB917F6AC7EC874F8B1C70D643A4DC3DD32CBE17E7EA40C0BE3EA9DD07039D94AB316F752248
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):65816
                                                                                                                                                                                                                    Entropy (8bit):6.241463396742061
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:6PSs3+S7z1FBV8HEmFRqeVIjOIf7Sy0xs:7szBVWEm/fVIjOIft
                                                                                                                                                                                                                    MD5:EEDB6D834D96A3DFFFFB1F65B5F7E5BE
                                                                                                                                                                                                                    SHA1:ED6735CFDD0D1EC21C7568A9923EB377E54B308D
                                                                                                                                                                                                                    SHA-256:79C4CDE23397B9A35B54A3C2298B3C7A844454F4387CB0693F15E4FACD227DD2
                                                                                                                                                                                                                    SHA-512:527BD7BB2F4031416762595F4CE24CBC6254A50EAF2CC160B930950C4F2B3F5E245A486972148C535F8CD80C78EC6FA8C9A062085D60DB8F23D4B21E8AE4C0AD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):160024
                                                                                                                                                                                                                    Entropy (8bit):6.841300813767097
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:EwpwQ7a8+OsGqtCXJznfF9mNo+pxAbm19IjZ1Tv:EwpV7a8FdNYO+pmC1i
                                                                                                                                                                                                                    MD5:05E8B2C429AFF98B3AE6ADC842FB56A3
                                                                                                                                                                                                                    SHA1:834DDBCED68DB4FE17C283AB63B2FAA2E4163824
                                                                                                                                                                                                                    SHA-256:A6E2A5BB7A33AD9054F178786A031A46EA560FAEEF1FB96259331500AAE9154C
                                                                                                                                                                                                                    SHA-512:BADEB99795B89BC7C1F0C36BECC7A0B2CE99ECFD6F6BB493BDA24B8E57E6712E23F4C509C96A28BC05200910BEDDC9F1536416BBC922331CAE698E813CBB50B3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):35096
                                                                                                                                                                                                                    Entropy (8bit):6.457363388284004
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:eovdQkOU3QzbxQ0zTdFIjWtJ5YiSyv3ORAMxkEW:3lNynxQ0zTdFIjWtX7Sy25xS
                                                                                                                                                                                                                    MD5:A4281E383EF82C482C8BDA50504BE04A
                                                                                                                                                                                                                    SHA1:4945A2998F9C9F8CE1C078395FFBEDB29C715D5D
                                                                                                                                                                                                                    SHA-256:467B0FEF42D70B55ABF41D817DFF7631FAEEF84DCE64F8AADB5690A22808D40C
                                                                                                                                                                                                                    SHA-512:661E38B74F8BFDD14E48E65EE060DA8ECDF67C0E3CA1B41B6B835339AB8259F55949C1F8685102FD950BF5DE11A1B7C263DA8A3A4B411F1F316376B8AA4A5683
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):55576
                                                                                                                                                                                                                    Entropy (8bit):6.346382537794332
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:uQhEhW1pnYGdvTn9gwxevWdmS5oZdCzZIjXtn5YiSyv3AMxkEDJ:JKhmnT9gwxeMuZdqZIjXt57SyfxR
                                                                                                                                                                                                                    MD5:BA368245D104B1E016D45E96A54DD9CE
                                                                                                                                                                                                                    SHA1:B79EF0EB9557A0C7FA78B11997DE0BB057AB0C52
                                                                                                                                                                                                                    SHA-256:67E6CA6F1645C6928ADE6718DB28AFF1C49A192E8811732B5E99364991102615
                                                                                                                                                                                                                    SHA-512:429D7A1F829BE98C28E3DCA5991EDCADFF17E91F050D50B608A52EF39F6F1C6B36AB71BFA8E3884167371A4E40348A8CDA1A9492B125FB19D1A97C0CCB8F2C7B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):32536
                                                                                                                                                                                                                    Entropy (8bit):6.462349221807228
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:DJ2Y6rwM5MoOhIjQUl5YiSyvwSAMxkEBo:DmwDoOhIjQUr7Syrxm
                                                                                                                                                                                                                    MD5:6E0CB85DC94E351474D7625F63E49B22
                                                                                                                                                                                                                    SHA1:66737402F76862EB2278E822B94E0D12DCB063C5
                                                                                                                                                                                                                    SHA-256:3F57F29ABD86D4DC8F4CA6C3F190EBB57D429143D98F0636FF5117E08ED81F9B
                                                                                                                                                                                                                    SHA-512:1984B2FC7F9BBDF5BA66716FC60DCFD237F38E2680F2FC61F141FF7E865C0DBDD7CDC47B3BC490B426C6CFE9F3F9E340963ABF428EA79EB794B0BE7D13001F6A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):83224
                                                                                                                                                                                                                    Entropy (8bit):6.336512797446254
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:rGkFyhCF5VK8+1j50VnWZyJwe9/s+S+pzj18/n1IsJw4YhIjLwYX7Sy4xU:rsYn1qFyJwe9/sT+pzjU1IwwDhIjLwaT
                                                                                                                                                                                                                    MD5:DC06F8D5508BE059EAE9E29D5BA7E9EC
                                                                                                                                                                                                                    SHA1:D666C88979075D3B0C6FD3BE7C595E83E0CB4E82
                                                                                                                                                                                                                    SHA-256:7DAFF6AA3851A913ED97995702A5DFB8A27CB7CF00FB496597BE777228D7564A
                                                                                                                                                                                                                    SHA-512:57EB36BC1E9BE20C85C34B0A535B2349CB13405D60E752016E23603C4648939F1150E4DBEBC01EC7B43EB1A6947C182CCB8A806E7E72167AD2E9D98D1FD94AB3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):178456
                                                                                                                                                                                                                    Entropy (8bit):5.9718801387586655
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:O8+XyuR9hsQD3O2AfZ6XiBgJpH2GvMW1ba+VRJNI7IM/H9o/PCrXuI6l9IjC7hV0:AXyOrsayZ6XiBGMWjT1lI
                                                                                                                                                                                                                    MD5:5B9B3F978D07E5A9D701F832463FC29D
                                                                                                                                                                                                                    SHA1:0FCD7342772AD0797C9CB891BF17E6A10C2B155B
                                                                                                                                                                                                                    SHA-256:D568B3C99BF0FC35A1F3C5F66B4A9D3B67E23A1D3CF0A4D30499D924D805F5AA
                                                                                                                                                                                                                    SHA-512:E4DB56C8E0E9BA0DB7004463BF30364A4E4AB0B545FB09F40D2DBA67B79B6B1C1DB07DF1F017501E074ABD454D1E37A4167F29E7BBB0D4F8958FA0A2E9F4E405
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):36632
                                                                                                                                                                                                                    Entropy (8bit):6.3757770375418374
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:1q4nnHFAX6wpFWN5k509IjCi85YiSyv9AMxkEga+:1hnlmTpFWN5k509IjCiG7SyNxEa+
                                                                                                                                                                                                                    MD5:7EC3FC12C75268972078B1C50C133E9B
                                                                                                                                                                                                                    SHA1:73F9CF237FE773178A997AD8EC6CD3AC0757C71E
                                                                                                                                                                                                                    SHA-256:1A105311A5ED88A31472B141B4B6DAA388A1CD359FE705D9A7A4ABA793C5749F
                                                                                                                                                                                                                    SHA-512:441F18E8CE07498BC65575E1AE86C1636E1CEB126AF937E2547710131376BE7B4CB0792403409A81B5C6D897B239F26EC9F36388069E324249778A052746795E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1333651
                                                                                                                                                                                                                    Entropy (8bit):5.5868779115750264
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:uttcY+bS4OmE1jc+fYNXPh26UZWAzDX7jOIqL3CjHgopRdmoPFHz1dcfsFvaYcIe:uttcY+NHSPD/e2cqRdmoPxzQIaYcIe
                                                                                                                                                                                                                    MD5:8DAD91ADD129DCA41DD17A332A64D593
                                                                                                                                                                                                                    SHA1:70A4EC5A17ED63CAF2407BD76DC116ACA7765C0D
                                                                                                                                                                                                                    SHA-256:8DE4F013BFECB9431AABAA97BB084FB7DE127B365B9478D6F7610959BF0D2783
                                                                                                                                                                                                                    SHA-512:2163414BC01FC30D47D1DE763A8332AFE96EA7B296665B1A0840D5197B7E56F4963938E69DE35CD2BF89158E5E2240A1650D00D86634AC2A5E2AD825455A2D50
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):292541
                                                                                                                                                                                                                    Entropy (8bit):6.048162209044241
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5NF:QWb/TRJLWURrI55MWavdF0D
                                                                                                                                                                                                                    MD5:D3E74C9D33719C8AB162BAA4AE743B27
                                                                                                                                                                                                                    SHA1:EE32F2CCD4BC56CA68441A02BF33E32DC6205C2B
                                                                                                                                                                                                                    SHA-256:7A347CA8FEF6E29F82B6E4785355A6635C17FA755E0940F65F15AA8FC7BD7F92
                                                                                                                                                                                                                    SHA-512:E0FB35D6901A6DEBBF48A0655E2AA1040700EB5166E732AE2617E89EF5E6869E8DDD5C7875FA83F31D447D4ABC3DB14BFFD29600C9AF725D9B03F03363469B4C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):10752
                                                                                                                                                                                                                    Entropy (8bit):4.674392865869017
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                                                                                                                                                                                    MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                                                                                                                                                                                    SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                                                                                                                                                                                    SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                                                                                                                                                                                    SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):122880
                                                                                                                                                                                                                    Entropy (8bit):5.917175475547778
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                                                                                    MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                                                                                    SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                                                                                    SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                                                                                    SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):6749
                                                                                                                                                                                                                    Entropy (8bit):4.965076630933729
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:cHqnQbu/POjcEYIL9GE6AUmZr2s46/B5aVOQOo2/nH/h5M966GMBWtReWE3uSI8G:2qQSOjIKtw6/Bb/H/h2BWtc93k
                                                                                                                                                                                                                    MD5:4ACCC145F749B8E94CC8921CEDFC7CB3
                                                                                                                                                                                                                    SHA1:9AD3A58873A0F88F00BEDD941B43EBA083D3F6E9
                                                                                                                                                                                                                    SHA-256:8FB8564FDED89056F8F393D2F1E2AE71A2F6E109CDA78F20E422B81819EC64F3
                                                                                                                                                                                                                    SHA-512:8D4AC3E40CF29DF313F21388B1525AB66D3BF179990F13789C1AB1679516DD39C567DA6D6B017498F06A615D1CA4DFAD0B1D3137E784043A23C44548489CDBDD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:'''..OpenCV Python binary extension loader..'''..import os..import importlib..import sys....__all__ = []....try:.. import numpy.. import numpy.core.multiarray..except ImportError:.. print('OpenCV bindings requires "numpy" package.').. print('Install it via command:').. print(' pip install numpy').. raise....# TODO..# is_x64 = sys.maxsize > 2**32......def __load_extra_py_code_for_module(base, name, enable_debug_print=False):.. module_name = "{}.{}".format(__name__, name).. export_module_name = "{}.{}".format(base, name).. native_module = sys.modules.pop(module_name, None).. try:.. py_module = importlib.import_module(module_name).. except ImportError as err:.. if enable_debug_print:.. print("Can't load Python code for module:", module_name,.. ". Reason:", err).. # Extension doesn't contain extra py code.. return False.... if not hasattr(base, name):.. setattr(sys.modules[base], name, py_
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):748
                                                                                                                                                                                                                    Entropy (8bit):5.110506159030977
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:WSolITEO+RNIdjcFMlYFXe2LirYKMLFxAe5bHMnQBwmuTD9+sXWeZKMLFxAe5biw:MlY+34jamr0L7Ae5oJP9+oJL7Ae5mU9L
                                                                                                                                                                                                                    MD5:E8ED8F25854821C8910BCB8308507DCE
                                                                                                                                                                                                                    SHA1:8A3AC32D3DF44794E8A834A6B6A8A1ED3F3AA5F7
                                                                                                                                                                                                                    SHA-256:DE28C7B5213CCA148F09469916584611B3D66C1C8C432880259D6A3A92380213
                                                                                                                                                                                                                    SHA-512:F3F36EDF288A870F5E1F14F3B1113031721E12F30BF235B0E5385711E2BF7F08D0123E6AB14600AB069D2E692D81B7ABC3692FB69EED34374FEFAB3B24F03D86
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:PYTHON_EXTENSIONS_PATHS = [.. LOADER_DIR..] + PYTHON_EXTENSIONS_PATHS....ci_and_not_headless = False....try:.. from .version import ci_build, headless.... ci_and_not_headless = ci_build and not headless..except:.. pass....# the Qt plugin is included currently only in the pre-built wheels..if sys.platform.startswith("linux") and ci_and_not_headless:.. os.environ["QT_QPA_PLATFORM_PLUGIN_PATH"] = os.path.join(.. os.path.dirname(os.path.abspath(__file__)), "qt", "plugins".. )....# Qt will throw warning on Linux if fonts are not found..if sys.platform.startswith("linux") and ci_and_not_headless:.. os.environ["QT_QPA_FONTDIR"] = os.path.join(.. os.path.dirname(os.path.abspath(__file__)), "qt", "fonts".. )..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):123
                                                                                                                                                                                                                    Entropy (8bit):5.165836377533827
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:JSxrsr+A6+Ei7/erj5Erj+7IE3KTY5O8nkz6+Eov:arsrFEoidAM3Kk5PkBEy
                                                                                                                                                                                                                    MD5:FCB98FFC6E408D714FC0E0555B1FB530
                                                                                                                                                                                                                    SHA1:832A187368BED379942A0A6EF77D8057166DF7F6
                                                                                                                                                                                                                    SHA-256:D9E401B9A67304D69C48A494A485D106B534E02BF5776211C09F09BD671B295D
                                                                                                                                                                                                                    SHA-512:C679EB68F62D4D4361FB55BE7B052FCD3AD85BFF9DFE9ED27AFD7014C992F26851BF02E7A587AA411D08593C69A197603FAD685E976D2948F35240D5F87DC3F8
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:import os....BINARIES_PATHS = [.. os.path.join(os.path.join(LOADER_DIR, '../../'), 'x64/vc14/bin')..] + BINARIES_PATHS..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):70563840
                                                                                                                                                                                                                    Entropy (8bit):6.706082568802858
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:393216:M0fhUobQAIshiVtqvfVNMc3yFMbt9sVbPyfZo0kTLiAUhy9/K7:hQAIoiVtUNGnbuy9/K
                                                                                                                                                                                                                    MD5:D7DA5B3162FFA700995249599F70FF01
                                                                                                                                                                                                                    SHA1:A2B9ABDDACDA9D48310D0B1087E046FF4782A200
                                                                                                                                                                                                                    SHA-256:F4AC91A6005A1DD00A2A45B6FAD78570B1C57F2E591CEB40B8DBBCA6F33F8CB4
                                                                                                                                                                                                                    SHA-512:904B05AAE9AC14D4EA40A156C13070ABBB737C43E7758825731FDD7D93C72B5815FD22C3EF78326A1163A2484EB33A4BDB102C9E080357CEF9853F94B274ADA5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):73
                                                                                                                                                                                                                    Entropy (8bit):4.5164686969838375
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:JSxrGSCcurj5ErAwGfnJFB:arGSLSdAAb
                                                                                                                                                                                                                    MD5:734F2F32C81B5CEDE1098394DAB581B5
                                                                                                                                                                                                                    SHA1:E07450D3F1924078DD09E0B1DEA8DD671DFE8801
                                                                                                                                                                                                                    SHA-256:F4CE16721ED7F623A4DCC443BA600D1856DB610CB2C3D53C13A8CA028CC68F6D
                                                                                                                                                                                                                    SHA-512:C0C9ADD6A1CD47F34C91B12AD369E887CFD28859824D258E1EED0C3495378DD950E214F8A540D66CD555ED8EFC810418DF3F13E09765D24D6FA26B09B44857C0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:import os....haarcascades = os.path.join(os.path.dirname(__file__), "")..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):9544
                                                                                                                                                                                                                    Entropy (8bit):4.687410551796531
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:mIntUjnLP6P7B4D7BP7Bb7BSr6qKaPt0C2Vqed/:m2eBNWKaPt0C2V9Z
                                                                                                                                                                                                                    MD5:A8DAF65821736070590704E3D65AAFE2
                                                                                                                                                                                                                    SHA1:46A337A76EA9A31FAEB05316677EB23E691AD8CB
                                                                                                                                                                                                                    SHA-256:30BAAA15F4AA081296A0532D322B6A674402358D81233A0A4946ADCA2E4074E0
                                                                                                                                                                                                                    SHA-512:B2708F1844B8438EA94D9457A953580692B291FDB5DE78E73188C4E758D002F2700235B7D03FC048C99E5761267871D32BAA2D3B8F8D0460969987432439A009
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:__all__ = ['op', 'kernel']....import sys..import cv2 as cv....# NB: Register function in specific module..def register(mname):.. def parameterized(func):.. sys.modules[mname].__dict__[func.__name__] = func.. return func.. return parameterized......@register('cv2.gapi')..def networks(*args):.. return cv.gapi_GNetPackage(list(map(cv.detail.strip, args)))......@register('cv2.gapi')..def compile_args(*args):.. return list(map(cv.GCompileArg, args))......@register('cv2')..def GIn(*args):.. return [*args]......@register('cv2')..def GOut(*args):.. return [*args]......@register('cv2')..def gin(*args):.. return [*args]......@register('cv2.gapi')..def descr_of(*args):.. return [*args]......@register('cv2')..class GOpaque():.. # NB: Inheritance from c++ class cause segfault... # So just aggregate cv.GOpaqueT instead of inheritance.. def __new__(cls, argtype):.. return cv.GOpaqueT(argtype).... class Bool():.. def __new__(self):..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):271
                                                                                                                                                                                                                    Entropy (8bit):4.627093215673309
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:SoSvYFyMXS/qdadew7mZ6ALNCpvdYZ4un:kUFuT7mZlCpFw4u
                                                                                                                                                                                                                    MD5:EED4002FFE913424133D8F19FDF1C2A8
                                                                                                                                                                                                                    SHA1:F232D4C5ACF73885D8E0D70418FB2E1481D9271B
                                                                                                                                                                                                                    SHA-256:FF583A5874BE8F848E73C2F61B3A71680995926479C9BC436E6565C5CCE7CA07
                                                                                                                                                                                                                    SHA-512:115F32B21E99DEC9B50C766CC685F9387A0D0C1611A41540CA23B71579E2963E04A1E940C6C8F3447A26006DBC45F17013A7FFE97BE620B74F1CF20A21505B8E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# flake8: noqa..import os..import sys....if sys.version_info[:2] >= (3, 0):.. def exec_file_wrapper(fpath, g_vars, l_vars):.. with open(fpath) as f:.. code = compile(f.read(), os.path.basename(fpath), 'exec').. exec(code, g_vars, l_vars)..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):900
                                                                                                                                                                                                                    Entropy (8bit):4.775144685082797
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:07TR5S1i0N0QhKNAhno3oBoIVbOXono6RnZB:07SzN0QhKNuniM5iC/r
                                                                                                                                                                                                                    MD5:BC3A642376D2A30F669D2E649E726487
                                                                                                                                                                                                                    SHA1:9370B736A43871731AF68CF288A7F6A216890D62
                                                                                                                                                                                                                    SHA-256:DA6F165BDCA81F9F624275B248BC7C7C76C36E77CB87EBA08167CD5F2E6BD658
                                                                                                                                                                                                                    SHA-512:52D56B4E6B3E6559446162D40F47C30EFD30BEED2154CC770FD6E8FA1E66278EC569529F1CB2CE7F94FE9D6AE3BDA68AEAC18891B8E30CCE0C6070C1DA994095
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:__all__ = []....import sys..import numpy as np..import cv2 as cv....# NumPy documentation: https://numpy.org/doc/stable/user/basics.subclassing.html....class Mat(np.ndarray):.. '''.. cv.Mat wrapper for numpy array..... Stores extra metadata information how to interpret and process of numpy array for underlying C++ code... '''.... def __new__(cls, arr, **kwargs):.. obj = arr.view(Mat).. return obj.... def __init__(self, arr, **kwargs):.. self.wrap_channels = kwargs.pop('wrap_channels', getattr(arr, 'wrap_channels', False)).. if len(kwargs) > 0:.. raise TypeError('Unknown parameters: {}'.format(repr(kwargs))).... def __array_finalize__(self, obj):.. if obj is None:.. return.. self.wrap_channels = getattr(obj, 'wrap_channels', None)......Mat.__module__ = cv.__name__..cv.Mat = Mat..cv._registerMatType(Mat)..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):38
                                                                                                                                                                                                                    Entropy (8bit):3.968211974414884
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:1LT2QbQNQ4yL9v:1LT2Q8NQ4yJ
                                                                                                                                                                                                                    MD5:C6B0244719659C5EDEC0592AF112032A
                                                                                                                                                                                                                    SHA1:6BD926FE0C853A9938BDB5D9537BD88FD1EF5401
                                                                                                                                                                                                                    SHA-256:495BD79594CCE174673E372C85C4DD8F4FFDF2B3A73FD4623955B0D55DE0D462
                                                                                                                                                                                                                    SHA-512:28D80015309AC1AE19F048E9461D4D04B85CE16B9E68C58D7608351A39B8D3EC0235FCCFD928B0349082C702D890B6C6ABD36B8030A176BF05888AE8C493B545
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:from .version import get_ocv_version..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):95
                                                                                                                                                                                                                    Entropy (8bit):4.525707419533802
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:JS4iydoKE4yLYfg+4zxNG364yLA9E5HJwv:mIXE4y0YpE6405pwv
                                                                                                                                                                                                                    MD5:2D3125F1843A670B9F3229A7BC362816
                                                                                                                                                                                                                    SHA1:E884BC3D05E5E732D1308DE67AA5F96BBF4FC69F
                                                                                                                                                                                                                    SHA-256:C93A418793FCB15B9B4316C0741B8336740E490E94F3B7D1EBE8CD5F6F23815C
                                                                                                                                                                                                                    SHA-512:BFDCF6BFC1D82E3ACAF625B5940CA169784427712F14895FD6CA92CC9C864F1A894FECF97BF2AFA6FC5CF4ABA9738A302D30024BC192F85025989C0D93A8B540
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:import cv2......def get_ocv_version():.. return getattr(cv2, "__version__", "unavailable")..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):20906496
                                                                                                                                                                                                                    Entropy (8bit):6.582898544528961
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:196608:hhwz9AsK7ytdEpgg0b0bS/L1wjuYo0mSrPFY2fxGoohKI:hI2pbpg1m41yPFY2JFo1
                                                                                                                                                                                                                    MD5:5F9E2B2E04C15F080F40E844DE80C867
                                                                                                                                                                                                                    SHA1:66FAF0E2F20CE4BC7E94E7C331CE00D4907057A3
                                                                                                                                                                                                                    SHA-256:A3F3D02B00B93DD578E2E93C8B9E811C08ACB10AC7FF90257484BDE160600666
                                                                                                                                                                                                                    SHA-512:1A1BA1BFDF2FD63298923002F8ABF923D7BC0ADA62F4FE5AD0957E519236F568637171DE3398E70ADE1B4EFFD63FBAD52782E99FEA848FDF1DBACBC5D580F2FB
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):344
                                                                                                                                                                                                                    Entropy (8bit):4.438685267245838
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:1zBhJDyTH2XE2OTH2XRxEMGMBrMhWcROEoiZAIfH2Xc10F9vSumHcROEoiZWf:1zBHyLkOLejrMYccRIfh0FNSfcct
                                                                                                                                                                                                                    MD5:952D77A31C0171AE90C0086AA8E3FCC7
                                                                                                                                                                                                                    SHA1:000D22FD5A2545CEFBBF294D63415E82E232820A
                                                                                                                                                                                                                    SHA-256:2B16990B35B569AF1CA7239DC10F7B24EC62F27A46626B1E2F1271D2E1AA3554
                                                                                                                                                                                                                    SHA-512:36E5BEA12CDF8AE29D737F7062923AE4A1DBDB2C98904F9A35559222119FAFA836C4A7553F5CD9F5639043183155F5E93DFE731EBCF385349A8E4CA72D2E92B6
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:from collections import namedtuple....import cv2......NativeMethodPatchedResult = namedtuple("NativeMethodPatchedResult",.. ("py", "native"))......def testOverwriteNativeMethod(arg):.. return NativeMethodPatchedResult(.. arg + 1,.. cv2.utils._native.testOverwriteNativeMethod(arg).. )..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):79
                                                                                                                                                                                                                    Entropy (8bit):4.581564134907341
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:K2T2Q2RLgLRi+gI/aIgZPGXV:K2Tb2SLvgMa1CV
                                                                                                                                                                                                                    MD5:12BB1DAFE9CBC62AEF01FF95D091AC78
                                                                                                                                                                                                                    SHA1:C2BCFC3D80B69BBAFFDFD011D0E7B3A9F93889E4
                                                                                                                                                                                                                    SHA-256:6607C7B4B4A63A30BBA4E55BF6338C1FD6A55EA928BAA8EC4138981624C0BA82
                                                                                                                                                                                                                    SHA-512:C437A34A621A83C62DA67EA38D12017814757828734BFBF62595FC6AC254B4C1B0D23D82E28D1E1EF0B32A7020683778816364042F073BADA31DB9B1786ECB48
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:opencv_version = "4.6.0.66"..contrib = False..headless = False..ci_build = True
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):5191960
                                                                                                                                                                                                                    Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                    MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                    SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                    SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                    SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):39696
                                                                                                                                                                                                                    Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                    MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                    SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                    SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                    SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):787224
                                                                                                                                                                                                                    Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                    MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                    SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                    SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                    SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):38168576
                                                                                                                                                                                                                    Entropy (8bit):6.305082264196138
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:196608:O99XmuJ2l6d6iET5BH6ZCy1iMq5NV2OzPWJAt+bOzPWVa+llOzPWIqzfr2V9EwS6:0OzPW5OzPW5OzPWIDMD9K6LSn1ZP
                                                                                                                                                                                                                    MD5:5E46C3D334C90C3029EB6AE2A3FE58F2
                                                                                                                                                                                                                    SHA1:AD3D806F720289CCB90CE8BFD0DA49FA99E7777B
                                                                                                                                                                                                                    SHA-256:57B87772BF676B5C2D718C79DDDC9F039D79EC3319FEE1398CC305ADFF7B69E5
                                                                                                                                                                                                                    SHA-512:4BD29D19B619076A64A928F3871EDCCE8416BCF100C1AA1250932479D6536D9497F2F9A2668C90B3479D0D4AB4234FFA06F81BC6B107FAD1BE5097FA2B60AB28
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):66048
                                                                                                                                                                                                                    Entropy (8bit):6.003054577936416
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:2p/PUg+VQrec6dx6gXZtu5sx0wtvnSPmFzO+ooKc3N8uKnSO:2pUdVQreR68/uItvSPmF6+oj8zKnSO
                                                                                                                                                                                                                    MD5:FB3B38CAD2F01D3BC798BCCDB258FE0D
                                                                                                                                                                                                                    SHA1:90578A26ABA4323B742B0958BED7FFB7F65AFC05
                                                                                                                                                                                                                    SHA-256:D9017D99E0B6CAD2F02462420793551FE9E6B836F3A800228CAAEED144A32B75
                                                                                                                                                                                                                    SHA-512:F2AE7FDB8B06FE2F45EC08B53B7ED0FF0F301592D824FB58BE736AA82EF5450DC629D0F0F58203767C31AD6388204FF5A29643C7693773AB87A49D1464A789FE
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2842624
                                                                                                                                                                                                                    Entropy (8bit):6.636417657712209
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:I/Yfw6/aTE+CyxakxYgfPpmh0By/TDwY6uSOuzLX4Bc6D:I/Aa/X2/TaOuzL
                                                                                                                                                                                                                    MD5:D55532990DC349038161734250BEB3C4
                                                                                                                                                                                                                    SHA1:152720C327306B13DF86649AC8B92291205D47F8
                                                                                                                                                                                                                    SHA-256:5D4F44389D1B4E9AA62AF63B716A0D4266DBB56FEFA9BF27831F85B695994DA5
                                                                                                                                                                                                                    SHA-512:A3DF71EB2DCFC00735F50C51D35DB1CC41DF9574C0DA8BB3ACC4071A1E426FBE6031214F6E651B3D8ECFDA604F4DD7D5736B73E48A4F96E7051D1DA23E6DAA93
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):110080
                                                                                                                                                                                                                    Entropy (8bit):6.157838883715469
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:dJ7u06kUyyTZDXZhTZdjrozKDaGE2A8wRdpdCqg4N1m:dJ7uYkVDXHVdozKe521wRFjz
                                                                                                                                                                                                                    MD5:12B5C60A32EBA22968A38A6802756643
                                                                                                                                                                                                                    SHA1:C6F9F0FA6383F70ABC672B83C18ED0A57A4C4BE8
                                                                                                                                                                                                                    SHA-256:F0A4DF58721CB85CA35F5F3B8C47538C53D57BBCCA4FC5C07A6C06AC4C5EF421
                                                                                                                                                                                                                    SHA-512:210F62D162A99881018F5C8103CA58826991AED70F39382CC59EE724976BD2655464B308FB52BB0C3FA7B8101379CD84D4E6430EABA0B65095AD11D53CDA27A3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                                                    Entropy (8bit):6.296838464067195
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:XEXFL7JoLGR94dIIpxFlJz+G6jlTJdaWM0BCQUIGBpdJ0IGJQY5+7:GFxhUxFlJz+njlTX7sIGBpYIfY5+7
                                                                                                                                                                                                                    MD5:66A39E43EA06165E3B1F85591B8D4166
                                                                                                                                                                                                                    SHA1:F818C25E87E8212463D890D45D69262C02D718EE
                                                                                                                                                                                                                    SHA-256:7652E82C6C53249B911DDE9822B71A7ECBECBC699C79475862E779A51D7F1D0F
                                                                                                                                                                                                                    SHA-512:5320C8CC93854C2764CE825741DCAA92F938D99D70E5557F1439135642EAB0CB69D47F4B07418F9BEABBDC21BA1B583B5C8D25A0259A08483D436F96C18DA747
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):231936
                                                                                                                                                                                                                    Entropy (8bit):6.465023217901162
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:pibqI1hY1IQN7TBhPztGq6f+WGWHRtxyvJRWjwT6CLG:pibqI1hIzWfpHHRpjwC
                                                                                                                                                                                                                    MD5:529B52C49B02BD2BEA730864480DEB5F
                                                                                                                                                                                                                    SHA1:D6EB2734A5D56F1F2D8463B6BCA5E15858533A86
                                                                                                                                                                                                                    SHA-256:0C19EC0B3129F12DF51982AACE8478F8274A5B0D6A2206BE1D0E1EE0227C36A4
                                                                                                                                                                                                                    SHA-512:6A7D754F00211422083CCCE2E45514474B3A11499540C1F2B10CCB618A029CDF649800FE339ABF3D99D65712017B41710E2834488972C634240080D4093C170C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):166400
                                                                                                                                                                                                                    Entropy (8bit):6.160577273521907
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:MEh3AzI0GZVlTesyp0k3itVoBzSuncckrx:ME5UI0GZVNUKVyzSuwl
                                                                                                                                                                                                                    MD5:AD51D76EE240BD86A265B24C0B333A68
                                                                                                                                                                                                                    SHA1:D01393A006A5296509E7229587781209CCDAD5D4
                                                                                                                                                                                                                    SHA-256:774BF3E20E2B1CA9797DEB1DACCB88A776A70C8555A501454D8D900A14585134
                                                                                                                                                                                                                    SHA-512:5AAE5F028DFE11EAAB0487E8AA1F23E8247ACB313A565F4FCD689E9CAE36B3F8F82B03C343319F6C5DF16CD7B3248F772F0E22EAA969D9505F13767D7F96E990
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):689152
                                                                                                                                                                                                                    Entropy (8bit):6.322838946171552
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:5ETIZathfkd4ALQhTFdsQLRsfxU2exLmxHjw9:5UI2hfkKXIqRsimxDO
                                                                                                                                                                                                                    MD5:164836D939FAFE8984ECEFDCFBB0E5F3
                                                                                                                                                                                                                    SHA1:D293BD8BEE4472EC70FF4EB48F21E99873A9A7D5
                                                                                                                                                                                                                    SHA-256:8979528423FAFFA32D4D6EDDDC0B3591B8FD465C7549263267C4B249E2F1D03B
                                                                                                                                                                                                                    SHA-512:AF557834EA7AF9486FF1A29E1F0892710ED2DB4AFAFC19425DB7840B606C277E197D1AEEA311BC247A0346EDF5E60AE3CCCCDA799736719E384854E14367F3E4
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):75776
                                                                                                                                                                                                                    Entropy (8bit):6.184143783442698
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:wQsDzNnw+v/wz2tdBnjzDQODdPRmdDlEhRZAAf2:0/NnrFtbjzDSqZAAf2
                                                                                                                                                                                                                    MD5:584FECCDD6B1C2EAE4542DD0B904B62F
                                                                                                                                                                                                                    SHA1:AE03F9F6581691AF5E20C9C08261B23281381CF5
                                                                                                                                                                                                                    SHA-256:592238B7A62FB033724CFD745BE6036700F584D6C4EE8BAF83CB77788320AA49
                                                                                                                                                                                                                    SHA-512:3CC3F16DBB016CA8FA1B77D5A6645C145AB6395094B684719A0E79D602F5FABEDA703E93280751ED2FF6E1B6AF022729E7266003C830FA11CAA07264C8594FA1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):81920
                                                                                                                                                                                                                    Entropy (8bit):6.087560690305921
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:biIRay9hKIybw+rNQ1TtMO+dvxHOJVxi0IW5kV+QCL:biEay3KdwINT45kjCL
                                                                                                                                                                                                                    MD5:A8E6750ED267966383A609EC792C685F
                                                                                                                                                                                                                    SHA1:90FEEA117EE18F31F535C3532498F6B7FA0C2042
                                                                                                                                                                                                                    SHA-256:D9A1618BA4515EB6C41DCAC7B99400D07E22CD56AD4F3BA94CB84DD231CF73A8
                                                                                                                                                                                                                    SHA-512:886D6F78190D95194DFDBA8D762E4771A247698DB33D5062D057C9980C0F5EECD41B499E515158635103855014268AEA50E54A536F435BFEC0D5D88C80C0DFFD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):68608
                                                                                                                                                                                                                    Entropy (8bit):6.069477764402404
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:2Yxx34cosUUi69HSSH62RwNBkG7B5F6EsEkCz:2Yv34cIYHSfmABXB5FNsTCz
                                                                                                                                                                                                                    MD5:A60E04B0394C6C866B60E75F400A67AD
                                                                                                                                                                                                                    SHA1:F497E3E03A348F4C56EB344AEFC8B02684596705
                                                                                                                                                                                                                    SHA-256:34363ADD569504B32533FA65B6933FEB2BA2BCF0FE10BE47C55FBDAD2E223DF8
                                                                                                                                                                                                                    SHA-512:27BB1D74C404E57EA224F4674600DA5579971846D24714B949AD417B62E1E3E28DA839ECE9B181E7E82CB7E13C86FC36CECB582A83F4BA07FD799AD9D3386A84
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):50688
                                                                                                                                                                                                                    Entropy (8bit):5.8525565230122005
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:AQM78rBJOygV508lRcuyAGYpFpoiLqAliHsXaMoP9prWEGB+AQb:kcgygVTXy2bK9hWEGBeb
                                                                                                                                                                                                                    MD5:856FFE343F272E780AC3ED041D897B24
                                                                                                                                                                                                                    SHA1:51A5C18A6D18ADA3C1AFF6E9B0D39412F0E24C79
                                                                                                                                                                                                                    SHA-256:A241DFD9D3ABAEFF3028BA98BD8C573D4F8C7D2990119634B4A280FC3FD33DE9
                                                                                                                                                                                                                    SHA-512:C25B96EA2F361E7E96B28637F3627E68FF62C002AFB0CE9FDFA063E4F2710CCB266B7C16E33680562E15BC51C24037439F5998A5880F6D0C50E77AF0783A3123
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):160768
                                                                                                                                                                                                                    Entropy (8bit):6.214708872978979
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:PXgz4CqKMhZ94MRlneHFucDJeX2bmt+d6hjLXgi8ksDEV2+WarahR2+WarahTYzy:PXgz4CqKMhZKWQ/VeXKvEhPqYV2+WarJ
                                                                                                                                                                                                                    MD5:A27D874D126DF629614703F1134780E4
                                                                                                                                                                                                                    SHA1:99E381D2CD69CCDBFED7D849402431EA729779C5
                                                                                                                                                                                                                    SHA-256:D335D1443E324A7A89582CC3E85BD850198EB3133C3DD38C7F55C6F609B0CFD8
                                                                                                                                                                                                                    SHA-512:838183B2982749369AAD8E0629D4FCD8DE06BE43C5FDA4D679B69C1C3F4384F1C85C5FD5337E58EC77345EDC58174CC03396E0037C870B2562AE622CCCB5678E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):582656
                                                                                                                                                                                                                    Entropy (8bit):6.216834747982176
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:C+cobb/pPmUiJ8u1Qqauw3Gzeh4t/4gP4KBSkPSoHRSKrkSoSL7MSquASLSqSwSW:1cob9Pmp/AuMhwPXZ0X2beSn+yijwd
                                                                                                                                                                                                                    MD5:AD162EB4F28E629F32406D20DD556A4C
                                                                                                                                                                                                                    SHA1:3036913134C3E7C464DC7C4785294845C877BF1E
                                                                                                                                                                                                                    SHA-256:2DF309F3CC66116966484FCC466CEF200AFF8D2A4C8EA482D3530B5CCCB89394
                                                                                                                                                                                                                    SHA-512:B0CD6357365E2B68ED9D6E9EF5F22B211851842C7D88FCD9DA2FA9B5B3B4D78846432CAF2A58DC786794A412DFA1CD185C609043563B25AB80B368A9B5AA2ADE
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):67072
                                                                                                                                                                                                                    Entropy (8bit):5.905419806967227
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:1536:BWseNxkc7Xva0Y420G1UD+dS4QBeLmRy:BWkcbi0Y42bUD+dS44eiRy
                                                                                                                                                                                                                    MD5:3CBA71B6BC59C26518DC865241ADD80A
                                                                                                                                                                                                                    SHA1:7E9C609790B1DE110328BBBCBB4CD09B7150E5BD
                                                                                                                                                                                                                    SHA-256:E10B73D6E13A5AE2624630F3D8535C5091EF403DB6A00A2798F30874938EE996
                                                                                                                                                                                                                    SHA-512:3EF7E20E382D51D93C707BE930E12781636433650D0A2C27E109EBEBEBA1F30EA3E7B09AF985F87F67F6B9D2AC6A7A717435F94B9D1585A9EB093A83771B43F2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):201496
                                                                                                                                                                                                                    Entropy (8bit):6.366374012034735
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:Vxsz9EOW5PJ/arVxu15xINl7YNlYWarOaBnnOeqeRU5U5r9JhIjLhsuC:XydMhaRxU5xINl7ClYBBnOc5pJF
                                                                                                                                                                                                                    MD5:5E911CA0010D5C9DCE50C58B703E0D80
                                                                                                                                                                                                                    SHA1:89BE290BEBAB337417C41BAB06F43EFFB4799671
                                                                                                                                                                                                                    SHA-256:4779E19EE0F4F0BE953805EFA1174E127F6E91AD023BD33AC7127FEF35E9087B
                                                                                                                                                                                                                    SHA-512:E3F1DB80748333F08F79F735A457246E015C10B353E1A52ABE91ED9A69F7DE5EFA5F78A2ED209E97B16813CB74A87F8F0C63A5F44C8B59583851922F54A48CF5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):68376
                                                                                                                                                                                                                    Entropy (8bit):6.149155712539885
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:dHmHXV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0y3:dHmHXDmF61JFn+/O4hIjL017Sy/bxe
                                                                                                                                                                                                                    MD5:79B02450D6CA4852165036C8D4EAED1F
                                                                                                                                                                                                                    SHA1:CE9FF1B302426D4C94A2D3EA81531D3CB9E583E4
                                                                                                                                                                                                                    SHA-256:D2E348E615A5D3B08B0BAC29B91F79B32F0C1D0BE48976450042462466B51123
                                                                                                                                                                                                                    SHA-512:47044D18DB3A4DD58A93B43034F4FAFA66821D157DCFEFB85FCA2122795F4591DC69A82EB2E0EBD9183075184368850E4CAF9C9FEA0CFE6F766C73A60FFDF416
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):6928664
                                                                                                                                                                                                                    Entropy (8bit):5.765764546579782
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:77dFcaC296MwQx0AWOO5JqSEShouly4XUV/x3aOvi5lnX79DxW/En8tdFNPhD2SI:7Z+aCnAh8lRA4jvE0ivHHDMiEBaw
                                                                                                                                                                                                                    MD5:3C388CE47C0D9117D2A50B3FA5AC981D
                                                                                                                                                                                                                    SHA1:038484FF7460D03D1D36C23F0DE4874CBAEA2C48
                                                                                                                                                                                                                    SHA-256:C98BA3354A7D1F69BDCA42560FEEC933CCBA93AFCC707391049A065E1079CDDB
                                                                                                                                                                                                                    SHA-512:E529C5C1C028BE01E44A156CD0E7CAD0A24B5F91E5D34697FAFC395B63E37780DC0FAC8F4C5D075AD8FE4BD15D62A250B818FF3D4EAD1E281530A4C7E3CE6D35
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):670720
                                                                                                                                                                                                                    Entropy (8bit):6.031732543230407
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:NQB2xCzIWn6O6X0f3O+0kMFN8v4+arfopdLvt:NQQxHWn66f++0k2FWt
                                                                                                                                                                                                                    MD5:A2CC25338A9BB825237EF1653511A36A
                                                                                                                                                                                                                    SHA1:433DED40BAB01DED8758141045E3E6658D435685
                                                                                                                                                                                                                    SHA-256:698B9B005243163C245BFA22357B383E107A1D21A8C420D2EF458662E410422F
                                                                                                                                                                                                                    SHA-512:8D55D3F908E2407662E101238DACDBD84AE197E6E951618171DEEAC9CFB3F4CB12425212DBFD691A0B930DA43E1A344C5004DE7E89D3AEC47E9063A5312FA74B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):134656
                                                                                                                                                                                                                    Entropy (8bit):5.9953900911096785
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:Yuh2G0a2fYrFceQaVK756Y/r06trvoEKQAe7KL8KJKVKGajt4:Yuh2faiYrFceQaVfY/rxTBAe7KwKwVrE
                                                                                                                                                                                                                    MD5:26D752C8896B324FFD12827A5E4B2808
                                                                                                                                                                                                                    SHA1:447979FA03F78CB7210A4E4BA365085AB2F42C22
                                                                                                                                                                                                                    SHA-256:BD33548DBDBB178873BE92901B282BAD9C6817E3EAC154CA50A666D5753FD7EC
                                                                                                                                                                                                                    SHA-512:99C87AB9920E79A03169B29A2F838D568CA4D4056B54A67BC51CAF5C0FF5A4897ED02533BA504F884C6F983EBC400743E6AD52AC451821385B1E25C3B1EBCEE0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):30488
                                                                                                                                                                                                                    Entropy (8bit):6.576230704358061
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:vNnMgHqxp1GPn5hIjQGl5YiSyv38aAMxkE7:vNnMgKxp1U5hIjQGr7Sy/8Yxn
                                                                                                                                                                                                                    MD5:92B440CA45447EC33E884752E4C65B07
                                                                                                                                                                                                                    SHA1:5477E21BB511CC33C988140521A4F8C11A427BCC
                                                                                                                                                                                                                    SHA-256:680DF34FB908C49410AC5F68A8C05D92858ACD111E62D1194D15BDCE520BD6C3
                                                                                                                                                                                                                    SHA-512:40E60E1D1445592C5E8EB352A4052DB28B1739A29E16B884B0BA15917B058E66196988214CE473BA158704837B101A13195D5E48CB1DC2F07262DFECFE8D8191
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1137944
                                                                                                                                                                                                                    Entropy (8bit):5.462087550450309
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:/rEHdcM6hb4CjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciQn:/rEXtCjfk7bPNfv42BN6yzUiQn
                                                                                                                                                                                                                    MD5:16BE9A6F941F1A2CB6B5FCA766309B2C
                                                                                                                                                                                                                    SHA1:17B23AE0E6A11D5B8159C748073E36A936F3316A
                                                                                                                                                                                                                    SHA-256:10FFD5207EEFF5A836B330B237D766365D746C30E01ABF0FD01F78548D1F1B04
                                                                                                                                                                                                                    SHA-512:64B7ECC58AE7CF128F03A0D5D5428AAA0D4AD4AE7E7D19BE0EA819BBBF99503836BFE4946DF8EE3AB8A92331FDD002AB9A9DE5146AF3E86FEF789CE46810796B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):14848
                                                                                                                                                                                                                    Entropy (8bit):5.116470324236407
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:yxCm72PEO1jIUs0YqEcPbF55UgCWV4rofnbPietE4kqDLWn7ycLmr0/:gardA0Bzx14r6nbKJ0Wr/
                                                                                                                                                                                                                    MD5:7CFF63D632A7024E62DB2A2BCE9A1B24
                                                                                                                                                                                                                    SHA1:6A0BC8ADD112CC66EE4FD1C907F2F7E49B6BD1CF
                                                                                                                                                                                                                    SHA-256:DF8BA0C5B50CA3B5C0B3857F926118EFBEB9744B8F382809858BA426BF4A2268
                                                                                                                                                                                                                    SHA-512:3FC02CB3BBD71B75BDC492DC2C89C9D59839AA484CFAFF3FD6537AE8BB3427969CD9EF90978F5CB25A87AF8D2CAE96E2184FDC59115E947A05AA9E0378807227
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):133632
                                                                                                                                                                                                                    Entropy (8bit):5.851293297484796
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:bPwB2zC1vwC3XetCf5RlRVFhLaNKPRyymoh5Lm9b0e:bIB2zkvwGXetCfDlRVlPRy85Lm9
                                                                                                                                                                                                                    MD5:3A80FEA23A007B42CEF8E375FC73AD40
                                                                                                                                                                                                                    SHA1:04319F7552EA968E2421C3936C3A9EE6F9CF30B2
                                                                                                                                                                                                                    SHA-256:B70D69D25204381F19378E1BB35CC2B8C8430AA80A983F8D0E8E837050BB06EF
                                                                                                                                                                                                                    SHA-512:A63BED03F05396B967858902E922B2FBFB4CF517712F91CFAA096FF0539CF300D6B9C659FFEE6BF11C28E79E23115FD6B9C0B1AA95DB1CBD4843487F060CCF40
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):34816
                                                                                                                                                                                                                    Entropy (8bit):5.607776737873708
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:384:qTtWWcU+d47NgCuVuA7dBm7BZ1CHrWBGwm3ReuuR+F1igomqhPGZGQvD3+VC5pEa:qM47+YedBm0WBgIuuGigahAF7+m2Ca
                                                                                                                                                                                                                    MD5:1580EE4142FB1F90F00B9F5A3CA297EB
                                                                                                                                                                                                                    SHA1:BC730100B6E8C85F709BCFB4FD7A81FB91ABF7D1
                                                                                                                                                                                                                    SHA-256:BD3F16AFB19AF91B016AB3E9669CD845F70F7A4B7A2489A81F312F060B1FB020
                                                                                                                                                                                                                    SHA-512:692C4A0595B715B14A53B41DD192AFB3058A85530975C0CAC673F3D70A2AA31FA66762FC7F453739B35971559F33E6CB20C62FC13C79796E43FF14A8728A26A1
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):23040
                                                                                                                                                                                                                    Entropy (8bit):5.356227710749481
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:384:JbuxajLxmByUDH2So0JVPYesgA0T8Dm7R8WnjVDtErNnpC9a1BC:JS4UDWC0e8WjVZc68B
                                                                                                                                                                                                                    MD5:0F65C9D8A87799FFB6D932FC0D323E24
                                                                                                                                                                                                                    SHA1:11E25879E1BF09A3589404C2AD8D0720FE82D877
                                                                                                                                                                                                                    SHA-256:764915DAD87ABC6252251699A2A98EFB0C23C296239E96F567CD76E242C897E1
                                                                                                                                                                                                                    SHA-512:5B6B6B3E38F390BEEA18A66627E5B82B5E0B0294E1941968E755D5F9AFE00436778ADC153D8D8E3110CC03D30276FF18920150C5BD4D672821CB285F5E1EF121
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                    Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                    MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                    SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                    SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                    SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):10
                                                                                                                                                                                                                    Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                    MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                    SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                    SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                    SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:..K....}..
                                                                                                                                                                                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Entropy (8bit):7.996116787251937
                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                    • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                    File name:SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                    File size:61'059'752 bytes
                                                                                                                                                                                                                    MD5:ff57493246d69a959b3edce7d4d43e36
                                                                                                                                                                                                                    SHA1:759ba6811c4d8a891a42523f5d8a6cb2fb14ea17
                                                                                                                                                                                                                    SHA256:9c759b30dc3b3f36e739f7549b21112329686673e3673a697cb3d41cb13a3962
                                                                                                                                                                                                                    SHA512:b7178899341ff3d0137c86d5bee90fdb3a6fc8de80948f47d8c2e90b43d2b0d9a7a0a8cb941c6f693f0b3bf6ebde170f402bb8c16ed6454b99498dc8cb9c7d24
                                                                                                                                                                                                                    SSDEEP:1572864:hQH4xiwANp72wpeeZZzg0TBkSLjB/iIJ2qHWB75iVf6Pk:h5QwANp7y41T/LjBnJ2qHO5iVf6P
                                                                                                                                                                                                                    TLSH:BBD733886B5268FDF7BF623FD1528F968872700D123156AF67F440382F471EA55FA222
                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................-.....................,.............................................................Rich...........
                                                                                                                                                                                                                    Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                    Entrypoint:0x14000c330
                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                    Imagebase:0x140000000
                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                    Time Stamp:0x662414C2 [Sat Apr 20 19:17:22 2024 UTC]
                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                    OS Version Minor:2
                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                    File Version Minor:2
                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                    Subsystem Version Minor:2
                                                                                                                                                                                                                    Import Hash:1af6c885af093afc55142c2f1761dbe8
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e094 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x43000 | 0x2304 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x758 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b440 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3b300 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2c000 | 0x420 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2adb0 | 0x2ae00 | 75d19a4940b1c41e95d0f65f35d07455 | False | 0.5456735149416909 | data | 6.502519008894634 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2c000 | 0x12ebc | 0x13000 | 832c8fa066fe25017c080996babcb78c | False | 0.5153551603618421 | data | 5.816319504111791 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3f000 | 0x33b8 | 0xe00 | c77d6acf176d4b487ea671c3fd3a6945 | False | 0.13392857142857142 | firmware 32a2 vdf2d (revision 2569732096) \377\377\377\377 , version 256.0.512, 0 bytes or less, at 0xcd5d20d2 1725235199 bytes , at 0 0 bytes , at 0xffffffff 16777216 bytes | 1.828047079050098 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x43000 | 0x2304 | 0x2400 | f9c9a5a34be2cb8fd1246f51c7b22c72 | False | 0.4797092013888889 | data | 5.38202672986895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x46000 | 0x1f4 | 0x200 | 4ec0234c233e8c5ae54cd80f9630ff86 | False | 0.525390625 | data | 3.698330622853966 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x758 | 0x800 | f1d633c1708caf707b59b5e59d6f78b3 | False | 0.54443359375 | data | 5.24651730799357 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                    Apr 27, 2024 00:52:57.352513075 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:52:57.855078936 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:52:58.227859974 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:52:58.730072021 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:52:59.102214098 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:52:59.605114937 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:52:59.977134943 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:00.978187084 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:01.374128103 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:01.883704901 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:02.269092083 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:02.774364948 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:03.156677008 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:03.664992094 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:04.037816048 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:04.539953947 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:04.915368080 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:05.930146933 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:06.303337097 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:06.804523945 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:07.177344084 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:07.679513931 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:08.052391052 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:08.554603100 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:08.927887917 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:09.429507017 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:09.801908970 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:13.750624895 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:14.124614954 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:14.652333021 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:15.031989098 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:15.543013096 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:15.921442032 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:16.433655977 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:16.805676937 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:17.308599949 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:17.686783075 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:18.687742949 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:19.060967922 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:19.562271118 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:19.942130089 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:20.452801943 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:20.860939026 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:21.374749899 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:21.779180050 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:22.280946970 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:22.677990913 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:23.679325104 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:24.054574013 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:24.569226027 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:24.966448069 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:25.476990938 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:25.876035929 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:26.381725073 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:26.790354967 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:27.303761005 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:27.701566935 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:28.703041077 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:29.091114998 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:29.593055010 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:29.966903925 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:30.467963934 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:30.840915918 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:31.342989922 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:31.720555067 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:32.233623981 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:32.633732080 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:33.863547087 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:34.258776903 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:34.759164095 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:35.139353991 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:35.649796963 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:36.048985004 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:36.556490898 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:36.940911055 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:37.446753979 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:37.828273058 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:38.926858902 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:39.318748951 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:39.829704046 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:40.206329107 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:40.720402002 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:41.118139029 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:41.626549959 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:42.006297112 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:42.517183065 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:42.923264980 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:43.924407005 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:44.317805052 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:44.830190897 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:45.221194983 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:45.736716986 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:46.133584976 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:46.642750978 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:47.045403004 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:47.548974037 CEST497068080192.168.2.5129.154.46.185
                                                                                                                                                                                                                    Apr 27, 2024 00:53:47.933104992 CEST808049706129.154.46.185192.168.2.5
                                                                                                                                                                                                                    Apr 27, 2024 00:53:48.934159040 CEST497068080192.168.2.5129.154.46.185
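| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| --- | --- | --- | --- | --- |
| Apr 27, 2024 00:52:17.607192039 CEST | 64158 | 53 | 192.168.2.5 | 1.1.1.1 |
| Apr 27, 2024 00:52:17.770482063 CEST | 53 | 64158 | 1.1.1.1 | 192.168.2.5 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Apr 27, 2024 00:52:17.607192039 CEST | 192.168.2.5 | 1.1.1.1 | 0x3586 | Standard query (0) | vyapar.vaisworks.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Apr 27, 2024 00:52:17.770482063 CEST | 1.1.1.1 | 192.168.2.5 | 0x3586 | No error (0) | vyapar.vaisworks.com | | 129.154.46.185 | A (IP address) | IN (0x0001) | false |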


Target ID: 0
Start time: 00:52:04
Start date: 27/04/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe"
Imagebase: 0x7ff60f2d0000
File size: 61'059'752 bytes
MD5 hash: FF57493246D69A959B3EDCE7D4D43E36
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 00:52:14
Start date: 27/04/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe"
Imagebase: 0x7ff60f2d0000
File size: 61'059'752 bytes
MD5 hash: FF57493246D69A959B3EDCE7D4D43E36
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 9.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 18.1%
Total number of Nodes: 2000
Total number of Limit Nodes: 31
16506->16497 16507 7ff60f2d1d7f 16507->16505 16508 7ff60f2d1e24 16507->16508 16509 7ff60f2d3e30 49 API calls 16508->16509 16510 7ff60f2d1e31 16509->16510 17223 7ff60f2d4040 16510->17223 16513 7ff60f2d8985 16512->16513 17265 7ff60f2d8650 GetCurrentProcess OpenProcessToken 16513->17265 16516 7ff60f2d8650 7 API calls 16517 7ff60f2d89b1 16516->16517 16518 7ff60f2d89e4 16517->16518 16519 7ff60f2d89ca 16517->16519 16520 7ff60f2d8740 48 API calls 16518->16520 17275 7ff60f2d8740 16519->17275 16522 7ff60f2d89f7 LocalFree LocalFree 16520->16522 16524 7ff60f2d8a13 16522->16524 16526 7ff60f2d8a1f 16522->16526 17279 7ff60f2d2c30 16524->17279 16527 7ff60f2dbe00 _wfindfirst32i64 8 API calls 16526->16527 16528 7ff60f2d3b4e 16527->16528 16528->16354 16529 7ff60f2d14e0 16528->16529 16530 7ff60f2d156f 16529->16530 16532 7ff60f2d14f6 16529->16532 16530->16341 17486 7ff60f2d7950 16532->17486 16537 7ff60f2d8bf1 MultiByteToWideChar 16536->16537 16538 7ff60f2d8c77 MultiByteToWideChar 16536->16538 16541 7ff60f2d8c17 16537->16541 16544 7ff60f2d8c3c 16537->16544 16539 7ff60f2d8cbf 16538->16539 16540 7ff60f2d8c9a 16538->16540 16539->16350 16542 7ff60f2d29c0 55 API calls 16540->16542 16543 7ff60f2d29c0 55 API calls 16541->16543 16545 7ff60f2d8cad 16542->16545 16546 7ff60f2d8c2a 16543->16546 16544->16538 16547 7ff60f2d8c52 16544->16547 16545->16350 16546->16350 16548 7ff60f2d29c0 55 API calls 16547->16548 16549 7ff60f2d8c65 16548->16549 16549->16350 16551 7ff60f2d6df5 16550->16551 16552 7ff60f2d3be0 16551->16552 16553 7ff60f2d2870 59 API calls 16551->16553 16552->16359 16628 7ff60f2d6a90 16552->16628 16553->16552 16558 7ff60f2d3513 16554->16558 16560 7ff60f2d3554 16554->16560 16555 7ff60f2dbe00 _wfindfirst32i64 8 API calls 16556 7ff60f2d35a5 16555->16556 16556->16325 16561 7ff60f2d8940 LocalFree 16556->16561 16558->16560 17818 7ff60f2d1700 16558->17818 17860 7ff60f2d2d50 16558->17860 16560->16555 16561->16382 16563 7ff60f2d8bd0 57 API calls 16562->16563 16564 7ff60f2d7fef 16563->16564 16565 
7ff60f2d8bd0 57 API calls 16564->16565 16566 7ff60f2d7fff 16565->16566 16567 7ff60f2e83cc 38 API calls 16566->16567 16568 7ff60f2d800d __std_exception_copy 16567->16568 16568->16387 16570 7ff60f2d8090 16569->16570 16571 7ff60f2d8bd0 57 API calls 16570->16571 16593 7ff60f2d2b30 16592->16593 16594 7ff60f2e50a4 49 API calls 16593->16594 16595 7ff60f2d2b7b __scrt_get_show_window_mode 16594->16595 16596 7ff60f2d8bd0 57 API calls 16595->16596 16597 7ff60f2d2bb0 16596->16597 16598 7ff60f2d2bb5 16597->16598 16599 7ff60f2d2bed MessageBoxA 16597->16599 16600 7ff60f2d8bd0 57 API calls 16598->16600 16601 7ff60f2d2c07 16599->16601 16602 7ff60f2d2bcf MessageBoxW 16600->16602 16603 7ff60f2dbe00 _wfindfirst32i64 8 API calls 16601->16603 16602->16601 16604 7ff60f2d2c17 16603->16604 16604->16325 16606 7ff60f2d3fcc 16605->16606 16607 7ff60f2d8bd0 57 API calls 16606->16607 16608 7ff60f2d3ff7 16607->16608 16609 7ff60f2d8bd0 57 API calls 16608->16609 16610 7ff60f2d400a 16609->16610 18354 7ff60f2e6a88 16610->18354 16613 7ff60f2dbe00 _wfindfirst32i64 8 API calls 16614 7ff60f2d3acd 16613->16614 16614->16361 16615 7ff60f2d82b0 16614->16615 16616 7ff60f2d82d4 16615->16616 16617 7ff60f2e0df4 73 API calls 16616->16617 16622 7ff60f2d83ab __std_exception_copy 16616->16622 16618 7ff60f2d82ee 16617->16618 16618->16622 18733 7ff60f2e9650 16618->18733 16622->16367 16625 7ff60f2e079c 16624->16625 18748 7ff60f2e0548 16625->18748 16627 7ff60f2e07b5 16627->16361 16629 7ff60f2d6ab3 16628->16629 16630 7ff60f2d6aca 16628->16630 16629->16630 18759 7ff60f2d1590 16629->18759 16630->16363 16632 7ff60f2d6ad4 16632->16630 16633 7ff60f2d4040 49 API calls 16632->16633 16634 7ff60f2d6b35 16633->16634 16635 7ff60f2d2b10 59 API calls 16634->16635 16636 7ff60f2d6ba5 __std_exception_copy memcpy_s 16634->16636 16635->16630 16636->16363 16651 7ff60f2d660a memcpy_s 16637->16651 16638 7ff60f2d672f 16641 7ff60f2d4040 49 API calls 16638->16641 16640 7ff60f2d674b 16642 7ff60f2d2b10 59 API calls 16640->16642 16643 7ff60f2d67a8 
16641->16643 16647 7ff60f2d6741 __std_exception_copy 16642->16647 16646 7ff60f2d4040 49 API calls 16643->16646 16644 7ff60f2d4040 49 API calls 16644->16651 16645 7ff60f2d6710 16645->16638 16648 7ff60f2d4040 49 API calls 16645->16648 16649 7ff60f2d67d8 16646->16649 16650 7ff60f2dbe00 _wfindfirst32i64 8 API calls 16647->16650 16648->16638 16654 7ff60f2d4040 49 API calls 16649->16654 16652 7ff60f2d3c06 16650->16652 16651->16638 16651->16640 16651->16644 16651->16645 16651->16651 16653 7ff60f2d1700 135 API calls 16651->16653 16655 7ff60f2d6731 16651->16655 18783 7ff60f2d1940 16651->18783 16652->16375 16657 7ff60f2d6570 16652->16657 16653->16651 16654->16647 16656 7ff60f2d2b10 59 API calls 16655->16656 16656->16647 18787 7ff60f2d8260 16657->18787 16659 7ff60f2d658c 16660 7ff60f2d8260 58 API calls 16659->16660 16661 7ff60f2d659f 16660->16661 16662 7ff60f2d65d5 16661->16662 16664 7ff60f2d65b7 16661->16664 16663 7ff60f2d2b10 59 API calls 16662->16663 16666 7ff60f2d3c14 16663->16666 18791 7ff60f2d6ef0 GetProcAddress 16664->18791 16666->16375 16666->16383 16674 7ff60f2d6852 16673->16674 16675 7ff60f2d687d 16673->16675 16674->16675 16677 7ff60f2d693b 16674->16677 18850 7ff60f2d8240 FreeLibrary 16674->18850 16675->16359 16677->16675 18851 7ff60f2d8240 FreeLibrary 16677->18851 16680 7ff60f2d1f05 16679->16680 16681 7ff60f2e50a4 49 API calls 16680->16681 16682 7ff60f2d1f28 16681->16682 16682->16380 18852 7ff60f2d5bc0 16683->18852 16686 7ff60f2d348d 16686->16388 16688 7ff60f2d3464 16688->16686 16750 7ff60f2dbda0 16731->16750 16734 7ff60f2d2a09 16752 7ff60f2e50a4 16734->16752 16739 7ff60f2d1ee0 49 API calls 16740 7ff60f2d2a66 __scrt_get_show_window_mode 16739->16740 16741 7ff60f2d8bd0 54 API calls 16740->16741 16742 7ff60f2d2a9b 16741->16742 16743 7ff60f2d2aa0 16742->16743 16744 7ff60f2d2ad8 MessageBoxA 16742->16744 16745 7ff60f2d8bd0 54 API calls 16743->16745 16746 7ff60f2d2af2 16744->16746 16748 7ff60f2d2aba MessageBoxW 16745->16748 16747 7ff60f2dbe00 _wfindfirst32i64 8 API calls 
16746->16747 16749 7ff60f2d2b02 16747->16749 16748->16746 16749->16446 16751 7ff60f2d29dc GetLastError 16750->16751 16751->16734 16755 7ff60f2e50fe 16752->16755 16753 7ff60f2e5123 16754 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16753->16754 16759 7ff60f2e514d 16754->16759 16755->16753 16756 7ff60f2e515f 16755->16756 16782 7ff60f2e3330 16756->16782 16758 7ff60f2e523c 16761 7ff60f2eb4ec __free_lconv_mon 11 API calls 16758->16761 16760 7ff60f2dbe00 _wfindfirst32i64 8 API calls 16759->16760 16763 7ff60f2d2a37 16760->16763 16761->16759 16770 7ff60f2d8560 16763->16770 16764 7ff60f2e5211 16767 7ff60f2eb4ec __free_lconv_mon 11 API calls 16764->16767 16765 7ff60f2e5260 16765->16758 16766 7ff60f2e526a 16765->16766 16769 7ff60f2eb4ec __free_lconv_mon 11 API calls 16766->16769 16767->16759 16768 7ff60f2e5208 16768->16758 16768->16764 16769->16759 16771 7ff60f2d856c 16770->16771 16772 7ff60f2d858d FormatMessageW 16771->16772 16773 7ff60f2d8587 GetLastError 16771->16773 16774 7ff60f2d85c0 16772->16774 16775 7ff60f2d85dc WideCharToMultiByte 16772->16775 16773->16772 16776 7ff60f2d29c0 54 API calls 16774->16776 16777 7ff60f2d85d3 16775->16777 16778 7ff60f2d8616 16775->16778 16776->16777 16780 7ff60f2dbe00 _wfindfirst32i64 8 API calls 16777->16780 16779 7ff60f2d29c0 54 API calls 16778->16779 16779->16777 16781 7ff60f2d2a3e 16780->16781 16781->16739 16783 7ff60f2e336e 16782->16783 16789 7ff60f2e335e 16782->16789 16784 7ff60f2e33a5 16783->16784 16785 7ff60f2e3377 16783->16785 16787 7ff60f2e339d 16784->16787 16784->16789 16791 7ff60f2e3654 16784->16791 16796 7ff60f2e3cc0 16784->16796 16822 7ff60f2e3988 16784->16822 16852 7ff60f2e3210 16784->16852 16855 7ff60f2e4ee0 16784->16855 16786 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16785->16786 16786->16787 16787->16758 16787->16764 16787->16765 16787->16768 16788 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16788->16787 16789->16788 16794 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16791->16794 
16794->16789 16797 7ff60f2e3d02 16796->16797 16798 7ff60f2e3d75 16796->16798 16799 7ff60f2e3d9f 16797->16799 16800 7ff60f2e3d08 16797->16800 16801 7ff60f2e3dcf 16798->16801 16802 7ff60f2e3d7a 16798->16802 16879 7ff60f2e2270 16799->16879 16807 7ff60f2e3d0d 16800->16807 16810 7ff60f2e3dde 16800->16810 16801->16799 16801->16810 16820 7ff60f2e3d38 16801->16820 16803 7ff60f2e3daf 16802->16803 16804 7ff60f2e3d7c 16802->16804 16886 7ff60f2e1e60 16803->16886 16806 7ff60f2e3d1d 16804->16806 16813 7ff60f2e3d8b 16804->16813 16821 7ff60f2e3e0d 16806->16821 16861 7ff60f2e4624 16806->16861 16807->16806 16811 7ff60f2e3d50 16807->16811 16807->16820 16810->16821 16893 7ff60f2e2680 16810->16893 16811->16821 16871 7ff60f2e4ae0 16811->16871 16813->16799 16814 7ff60f2e3d90 16813->16814 16814->16821 16875 7ff60f2e4c78 16814->16875 16816 7ff60f2dbe00 _wfindfirst32i64 8 API calls 16818 7ff60f2e40a3 16816->16818 16818->16784 16820->16821 16900 7ff60f2ef3f8 16820->16900 16821->16816 16823 7ff60f2e3993 16822->16823 16824 7ff60f2e39a9 16822->16824 16825 7ff60f2e3d02 16823->16825 16826 7ff60f2e3d75 16823->16826 16832 7ff60f2e39e7 16823->16832 16827 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16824->16827 16824->16832 16828 7ff60f2e3d9f 16825->16828 16829 7ff60f2e3d08 16825->16829 16830 7ff60f2e3dcf 16826->16830 16831 7ff60f2e3d7a 16826->16831 16827->16832 16835 7ff60f2e2270 38 API calls 16828->16835 16836 7ff60f2e3d0d 16829->16836 16839 7ff60f2e3dde 16829->16839 16830->16828 16830->16839 16850 7ff60f2e3d38 16830->16850 16833 7ff60f2e3daf 16831->16833 16834 7ff60f2e3d7c 16831->16834 16832->16784 16837 7ff60f2e1e60 38 API calls 16833->16837 16842 7ff60f2e3d8b 16834->16842 16845 7ff60f2e3d1d 16834->16845 16835->16850 16840 7ff60f2e3d50 16836->16840 16836->16845 16836->16850 16837->16850 16838 7ff60f2e4624 47 API calls 16838->16850 16841 7ff60f2e2680 38 API calls 16839->16841 16851 7ff60f2e3e0d 16839->16851 16843 7ff60f2e4ae0 47 API calls 16840->16843 16840->16851 16841->16850 16842->16828 
16844 7ff60f2e3d90 16842->16844 16843->16850 16847 7ff60f2e4c78 37 API calls 16844->16847 16844->16851 16845->16838 16845->16851 16846 7ff60f2dbe00 _wfindfirst32i64 8 API calls 16848 7ff60f2e40a3 16846->16848 16847->16850 16848->16784 16849 7ff60f2ef3f8 47 API calls 16849->16850 16850->16849 16850->16851 16851->16846 17049 7ff60f2e1434 16852->17049 16856 7ff60f2e4ef7 16855->16856 17066 7ff60f2ee558 16856->17066 16862 7ff60f2e4646 16861->16862 16910 7ff60f2e12a0 16862->16910 16867 7ff60f2e4ee0 45 API calls 16868 7ff60f2e4783 16867->16868 16868->16868 16869 7ff60f2e4ee0 45 API calls 16868->16869 16870 7ff60f2e480c 16868->16870 16869->16870 16870->16820 16872 7ff60f2e4b60 16871->16872 16873 7ff60f2e4af8 16871->16873 16872->16820 16873->16872 16874 7ff60f2ef3f8 47 API calls 16873->16874 16874->16872 16878 7ff60f2e4c99 16875->16878 16876 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16877 7ff60f2e4cca 16876->16877 16877->16820 16878->16876 16878->16877 16880 7ff60f2e22a3 16879->16880 16881 7ff60f2e22d2 16880->16881 16883 7ff60f2e238f 16880->16883 16882 7ff60f2e12a0 12 API calls 16881->16882 16885 7ff60f2e230f 16881->16885 16882->16885 16884 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16883->16884 16884->16885 16885->16820 16887 7ff60f2e1e93 16886->16887 16888 7ff60f2e1ec2 16887->16888 16890 7ff60f2e1f7f 16887->16890 16889 7ff60f2e12a0 12 API calls 16888->16889 16892 7ff60f2e1eff 16888->16892 16889->16892 16891 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16890->16891 16891->16892 16892->16820 16894 7ff60f2e26b3 16893->16894 16895 7ff60f2e26e2 16894->16895 16897 7ff60f2e279f 16894->16897 16896 7ff60f2e12a0 12 API calls 16895->16896 16899 7ff60f2e271f 16895->16899 16896->16899 16898 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16897->16898 16898->16899 16899->16820 16901 7ff60f2ef420 16900->16901 16902 7ff60f2ef465 16901->16902 16903 7ff60f2e4ee0 45 API calls 16901->16903 16905 7ff60f2ef44e __scrt_get_show_window_mode 16901->16905 16908 
7ff60f2ef425 __scrt_get_show_window_mode 16901->16908 16902->16905 16902->16908 17046 7ff60f2f0aa8 16902->17046 16903->16902 16904 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16904->16908 16905->16904 16905->16908 16908->16820 16911 7ff60f2e12d7 16910->16911 16917 7ff60f2e12c6 16910->16917 16912 7ff60f2ee19c _fread_nolock 12 API calls 16911->16912 16911->16917 16913 7ff60f2e1304 16912->16913 16914 7ff60f2e1318 16913->16914 16915 7ff60f2eb4ec __free_lconv_mon 11 API calls 16913->16915 16916 7ff60f2eb4ec __free_lconv_mon 11 API calls 16914->16916 16915->16914 16916->16917 16918 7ff60f2ef110 16917->16918 16919 7ff60f2ef160 16918->16919 16920 7ff60f2ef12d 16918->16920 16919->16920 16922 7ff60f2ef192 16919->16922 16921 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16920->16921 16931 7ff60f2e4761 16921->16931 16927 7ff60f2ef2a5 16922->16927 16933 7ff60f2ef1da 16922->16933 16923 7ff60f2ef397 16973 7ff60f2ee5fc 16923->16973 16924 7ff60f2ef35d 16966 7ff60f2ee994 16924->16966 16926 7ff60f2ef32c 16959 7ff60f2eec74 16926->16959 16927->16923 16927->16924 16927->16926 16929 7ff60f2ef2ef 16927->16929 16932 7ff60f2ef2e5 16927->16932 16949 7ff60f2eeea4 16929->16949 16931->16867 16931->16868 16932->16924 16935 7ff60f2ef2ea 16932->16935 16933->16931 16940 7ff60f2eb01c 16933->16940 16935->16926 16935->16929 16938 7ff60f2eb4a4 _wfindfirst32i64 17 API calls 16939 7ff60f2ef3f4 16938->16939 16941 7ff60f2eb033 16940->16941 16942 7ff60f2eb029 16940->16942 16943 7ff60f2e5aa4 _get_daylight 11 API calls 16941->16943 16942->16941 16947 7ff60f2eb04e 16942->16947 16944 7ff60f2eb03a 16943->16944 16945 7ff60f2eb484 _invalid_parameter_noinfo 37 API calls 16944->16945 16946 7ff60f2eb046 16945->16946 16946->16931 16946->16938 16947->16946 16948 7ff60f2e5aa4 _get_daylight 11 API calls 16947->16948 16948->16944 16982 7ff60f2f4cfc 16949->16982 16953 7ff60f2eef50 16953->16931 16954 7ff60f2eef4c 16954->16953 16955 7ff60f2eefa1 16954->16955 16956 7ff60f2eef6c 16954->16956 17035 7ff60f2eea90 
16955->17035 17031 7ff60f2eed4c 16956->17031 16960 7ff60f2f4cfc 38 API calls 16959->16960 16961 7ff60f2eecbe 16960->16961 16962 7ff60f2f4744 37 API calls 16961->16962 16963 7ff60f2eed0e 16962->16963 16964 7ff60f2eed12 16963->16964 16965 7ff60f2eed4c 45 API calls 16963->16965 16964->16931 16965->16964 16967 7ff60f2f4cfc 38 API calls 16966->16967 16968 7ff60f2ee9df 16967->16968 16969 7ff60f2f4744 37 API calls 16968->16969 16970 7ff60f2eea37 16969->16970 16971 7ff60f2eea3b 16970->16971 16972 7ff60f2eea90 45 API calls 16970->16972 16971->16931 16972->16971 16974 7ff60f2ee674 16973->16974 16975 7ff60f2ee641 16973->16975 16977 7ff60f2ee68c 16974->16977 16978 7ff60f2ee70d 16974->16978 16976 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 16975->16976 16980 7ff60f2ee66d __scrt_get_show_window_mode 16976->16980 16979 7ff60f2ee994 46 API calls 16977->16979 16978->16980 16981 7ff60f2e4ee0 45 API calls 16978->16981 16979->16980 16980->16931 16981->16980 16983 7ff60f2f4d4f fegetenv 16982->16983 16984 7ff60f2f8c5c 37 API calls 16983->16984 16988 7ff60f2f4da2 16984->16988 16985 7ff60f2f4dcf 16990 7ff60f2eb01c __std_exception_copy 37 API calls 16985->16990 16986 7ff60f2f4e92 16987 7ff60f2f8c5c 37 API calls 16986->16987 16989 7ff60f2f4ebc 16987->16989 16988->16986 16991 7ff60f2f4e6c 16988->16991 16992 7ff60f2f4dbd 16988->16992 16993 7ff60f2f8c5c 37 API calls 16989->16993 16994 7ff60f2f4e4d 16990->16994 16997 7ff60f2eb01c __std_exception_copy 37 API calls 16991->16997 16992->16985 16992->16986 16995 7ff60f2f4ecd 16993->16995 16996 7ff60f2f5f74 16994->16996 17001 7ff60f2f4e55 16994->17001 16998 7ff60f2f8e50 20 API calls 16995->16998 16999 7ff60f2eb4a4 _wfindfirst32i64 17 API calls 16996->16999 16997->16994 17009 7ff60f2f4f36 __scrt_get_show_window_mode 16998->17009 17000 7ff60f2f5f89 16999->17000 17002 7ff60f2dbe00 _wfindfirst32i64 8 API calls 17001->17002 17003 7ff60f2eeef1 17002->17003 17027 7ff60f2f4744 17003->17027 17004 7ff60f2f52df __scrt_get_show_window_mode 17005 
7ff60f2f4f77 memcpy_s 17022 7ff60f2f53d3 memcpy_s __scrt_get_show_window_mode 17005->17022 17023 7ff60f2f58bb memcpy_s __scrt_get_show_window_mode 17005->17023 17006 7ff60f2f561f 17007 7ff60f2f4860 37 API calls 17006->17007 17013 7ff60f2f5d37 17007->17013 17008 7ff60f2f55cb 17008->17006 17008->17008 17010 7ff60f2f5f8c memcpy_s 37 API calls 17008->17010 17009->17004 17009->17005 17011 7ff60f2e5aa4 _get_daylight 11 API calls 17009->17011 17010->17006 17012 7ff60f2f53b0 17011->17012 17014 7ff60f2eb484 _invalid_parameter_noinfo 37 API calls 17012->17014 17016 7ff60f2f5f8c memcpy_s 37 API calls 17013->17016 17020 7ff60f2f5d92 17013->17020 17014->17005 17015 7ff60f2f5f18 17019 7ff60f2f8c5c 37 API calls 17015->17019 17016->17020 17017 7ff60f2e5aa4 11 API calls _get_daylight 17017->17023 17018 7ff60f2e5aa4 11 API calls _get_daylight 17018->17022 17019->17001 17020->17015 17021 7ff60f2f4860 37 API calls 17020->17021 17025 7ff60f2f5f8c memcpy_s 37 API calls 17020->17025 17021->17020 17022->17008 17022->17018 17024 7ff60f2eb484 37 API calls _invalid_parameter_noinfo 17022->17024 17023->17006 17023->17008 17023->17017 17026 7ff60f2eb484 37 API calls _invalid_parameter_noinfo 17023->17026 17024->17022 17025->17020 17026->17023 17028 7ff60f2f4763 17027->17028 17029 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 17028->17029 17030 7ff60f2f478e memcpy_s 17028->17030 17029->17030 17030->16954 17032 7ff60f2eed78 memcpy_s 17031->17032 17033 7ff60f2e4ee0 45 API calls 17032->17033 17034 7ff60f2eee32 memcpy_s __scrt_get_show_window_mode 17032->17034 17033->17034 17034->16953 17036 7ff60f2eeacb 17035->17036 17040 7ff60f2eeb18 memcpy_s 17035->17040 17037 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 17036->17037 17038 7ff60f2eeaf7 17037->17038 17038->16953 17039 7ff60f2eeb83 17041 7ff60f2eb01c __std_exception_copy 37 API calls 17039->17041 17040->17039 17042 7ff60f2e4ee0 45 API calls 17040->17042 17045 7ff60f2eebc5 memcpy_s 17041->17045 17042->17039 17043 7ff60f2eb4a4 
_wfindfirst32i64 17 API calls 17044 7ff60f2eec70 17043->17044 17045->17043 17047 7ff60f2f0acc WideCharToMultiByte 17046->17047 17050 7ff60f2e1473 17049->17050 17051 7ff60f2e1461 17049->17051 17053 7ff60f2e1480 17050->17053 17057 7ff60f2e14bd 17050->17057 17052 7ff60f2e5aa4 _get_daylight 11 API calls 17051->17052 17054 7ff60f2e1466 17052->17054 17056 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 17053->17056 17055 7ff60f2eb484 _invalid_parameter_noinfo 37 API calls 17054->17055 17059 7ff60f2e1471 17055->17059 17056->17059 17058 7ff60f2e1566 17057->17058 17060 7ff60f2e5aa4 _get_daylight 11 API calls 17057->17060 17058->17059 17061 7ff60f2e5aa4 _get_daylight 11 API calls 17058->17061 17059->16784 17062 7ff60f2e155b 17060->17062 17063 7ff60f2e1610 17061->17063 17064 7ff60f2eb484 _invalid_parameter_noinfo 37 API calls 17062->17064 17065 7ff60f2eb484 _invalid_parameter_noinfo 37 API calls 17063->17065 17064->17058 17065->17059 17067 7ff60f2ee571 17066->17067 17068 7ff60f2e4f1f 17066->17068 17067->17068 17074 7ff60f2f3f54 17067->17074 17070 7ff60f2ee5c4 17068->17070 17071 7ff60f2e4f2f 17070->17071 17072 7ff60f2ee5dd 17070->17072 17071->16784 17072->17071 17118 7ff60f2f32a0 17072->17118 17086 7ff60f2ebcf0 GetLastError 17074->17086 17077 7ff60f2f3fae 17077->17068 17087 7ff60f2ebd14 FlsGetValue 17086->17087 17088 7ff60f2ebd31 FlsSetValue 17086->17088 17089 7ff60f2ebd2b 17087->17089 17106 7ff60f2ebd21 17087->17106 17090 7ff60f2ebd43 17088->17090 17088->17106 17089->17088 17092 7ff60f2ef738 _get_daylight 11 API calls 17090->17092 17091 7ff60f2ebd9d SetLastError 17093 7ff60f2ebdbd 17091->17093 17094 7ff60f2ebdaa 17091->17094 17095 7ff60f2ebd52 17092->17095 17109 7ff60f2eb07c 17093->17109 17094->17077 17108 7ff60f2f1298 EnterCriticalSection 17094->17108 17097 7ff60f2ebd70 FlsSetValue 17095->17097 17098 7ff60f2ebd60 FlsSetValue 17095->17098 17099 7ff60f2ebd8e 17097->17099 17100 7ff60f2ebd7c FlsSetValue 17097->17100 17102 7ff60f2ebd69 17098->17102 17103 7ff60f2eba98 
_get_daylight 11 API calls 17099->17103 17100->17102 17104 7ff60f2eb4ec __free_lconv_mon 11 API calls 17102->17104 17105 7ff60f2ebd96 17103->17105 17104->17106 17107 7ff60f2eb4ec __free_lconv_mon 11 API calls 17105->17107 17106->17091 17107->17091 17110 7ff60f2f42a0 _CreateFrameInfo EnterCriticalSection LeaveCriticalSection 17109->17110 17111 7ff60f2eb085 17110->17111 17112 7ff60f2eb094 17111->17112 17113 7ff60f2f42f0 _CreateFrameInfo 44 API calls 17111->17113 17114 7ff60f2eb09d IsProcessorFeaturePresent 17112->17114 17115 7ff60f2eb0c7 _CreateFrameInfo 17112->17115 17113->17112 17116 7ff60f2eb0ac 17114->17116 17117 7ff60f2eb1b8 _wfindfirst32i64 14 API calls 17116->17117 17117->17115 17119 7ff60f2ebcf0 _CreateFrameInfo 45 API calls 17118->17119 17120 7ff60f2f32a9 17119->17120 17128 7ff60f2e594c EnterCriticalSection 17121->17128 17130 7ff60f2d288c 17129->17130 17131 7ff60f2e50a4 49 API calls 17130->17131 17132 7ff60f2d28dd 17131->17132 17133 7ff60f2e5aa4 _get_daylight 11 API calls 17132->17133 17134 7ff60f2d28e2 17133->17134 17148 7ff60f2e5ac4 17134->17148 17137 7ff60f2d1ee0 49 API calls 17138 7ff60f2d2911 __scrt_get_show_window_mode 17137->17138 17139 7ff60f2d8bd0 57 API calls 17138->17139 17140 7ff60f2d2946 17139->17140 17141 7ff60f2d2983 MessageBoxA 17140->17141 17142 7ff60f2d294b 17140->17142 17144 7ff60f2d299d 17141->17144 17143 7ff60f2d8bd0 57 API calls 17142->17143 17145 7ff60f2d2965 MessageBoxW 17143->17145 17146 7ff60f2dbe00 _wfindfirst32i64 8 API calls 17144->17146 17145->17144 17147 7ff60f2d29ad 17146->17147 17147->16460 17149 7ff60f2ebe68 _get_daylight 11 API calls 17148->17149 17150 7ff60f2e5adb 17149->17150 17151 7ff60f2d28e9 17150->17151 17152 7ff60f2ef738 _get_daylight 11 API calls 17150->17152 17155 7ff60f2e5b1b 17150->17155 17151->17137 17153 7ff60f2e5b10 17152->17153 17154 7ff60f2eb4ec __free_lconv_mon 11 API calls 17153->17154 17154->17155 17155->17151 17160 7ff60f2efe08 17155->17160 17158 7ff60f2eb4a4 _wfindfirst32i64 17 API calls 17159 
7ff60f2e5b60 17158->17159 17165 7ff60f2efe25 17160->17165 17161 7ff60f2efe2a 17162 7ff60f2e5b41 17161->17162 17163 7ff60f2e5aa4 _get_daylight 11 API calls 17161->17163 17162->17151 17162->17158 17164 7ff60f2efe34 17163->17164 17166 7ff60f2eb484 _invalid_parameter_noinfo 37 API calls 17164->17166 17165->17161 17165->17162 17167 7ff60f2efe74 17165->17167 17166->17162 17167->17162 17168 7ff60f2e5aa4 _get_daylight 11 API calls 17167->17168 17168->17164 17170 7ff60f2d8d72 WideCharToMultiByte 17169->17170 17171 7ff60f2d8d04 WideCharToMultiByte 17169->17171 17172 7ff60f2d8d9f 17170->17172 17176 7ff60f2d3f15 17170->17176 17173 7ff60f2d8d2e 17171->17173 17177 7ff60f2d8d45 17171->17177 17175 7ff60f2d29c0 57 API calls 17172->17175 17174 7ff60f2d29c0 57 API calls 17173->17174 17174->17176 17175->17176 17176->16469 17176->16471 17177->17170 17178 7ff60f2d8d5b 17177->17178 17179 7ff60f2d29c0 57 API calls 17178->17179 17179->17176 17181 7ff60f2d7bde 17180->17181 17182 7ff60f2eaf93 17180->17182 17181->16487 17182->17181 17183 7ff60f2eb01c __std_exception_copy 37 API calls 17182->17183 17184 7ff60f2eafc0 17183->17184 17184->17181 17185 7ff60f2eb4a4 _wfindfirst32i64 17 API calls 17184->17185 17186 7ff60f2eaff0 17185->17186 17188 7ff60f2d3fc0 116 API calls 17187->17188 17189 7ff60f2d1ac6 17188->17189 17190 7ff60f2d1c74 17189->17190 17192 7ff60f2d82b0 83 API calls 17189->17192 17191 7ff60f2dbe00 _wfindfirst32i64 8 API calls 17190->17191 17193 7ff60f2d1c88 17191->17193 17194 7ff60f2d1afe 17192->17194 17193->16497 17220 7ff60f2d3e30 17193->17220 17218 7ff60f2d1b2f 17194->17218 17226 7ff60f2e0df4 17194->17226 17196 7ff60f2e076c 74 API calls 17196->17190 17197 7ff60f2d1b18 17198 7ff60f2d1b34 17197->17198 17199 7ff60f2d1b1c 17197->17199 17230 7ff60f2e0abc 17198->17230 17200 7ff60f2d2870 59 API calls 17199->17200 17200->17218 17203 7ff60f2d1b4f 17205 7ff60f2d2870 59 API calls 17203->17205 17204 7ff60f2d1b67 17206 7ff60f2e0df4 73 API calls 17204->17206 17205->17218 17207 7ff60f2d1bb4 
17206->17207 17208 7ff60f2d1bde 17207->17208 17209 7ff60f2d1bc6 17207->17209 17211 7ff60f2e0abc _fread_nolock 53 API calls 17208->17211 17210 7ff60f2d2870 59 API calls 17209->17210 17210->17218 17212 7ff60f2d1bf3 17211->17212 17213 7ff60f2d1c0e 17212->17213 17214 7ff60f2d1bf9 17212->17214 17233 7ff60f2e0830 17213->17233 17215 7ff60f2d2870 59 API calls 17214->17215 17215->17218 17218->17196 17219 7ff60f2d2b10 59 API calls 17219->17218 17221 7ff60f2d1ee0 49 API calls 17220->17221 17222 7ff60f2d3e4d 17221->17222 17222->16507 17224 7ff60f2d1ee0 49 API calls 17223->17224 17225 7ff60f2d4070 17224->17225 17225->16497 17227 7ff60f2e0e24 17226->17227 17239 7ff60f2e0b84 17227->17239 17229 7ff60f2e0e3d 17229->17197 17251 7ff60f2e0adc 17230->17251 17234 7ff60f2e0839 17233->17234 17238 7ff60f2d1c22 17233->17238 17235 7ff60f2e5aa4 _get_daylight 11 API calls 17234->17235 17236 7ff60f2e083e 17235->17236 17237 7ff60f2eb484 _invalid_parameter_noinfo 37 API calls 17236->17237 17237->17238 17238->17218 17238->17219 17240 7ff60f2e0bee 17239->17240 17241 7ff60f2e0bae 17239->17241 17240->17241 17243 7ff60f2e0bfa 17240->17243 17242 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 17241->17242 17245 7ff60f2e0bd5 17242->17245 17250 7ff60f2e594c EnterCriticalSection 17243->17250 17245->17229 17252 7ff60f2e0b06 17251->17252 17263 7ff60f2d1b49 17251->17263 17253 7ff60f2e0b52 17252->17253 17254 7ff60f2e0b15 __scrt_get_show_window_mode 17252->17254 17252->17263 17264 7ff60f2e594c EnterCriticalSection 17253->17264 17256 7ff60f2e5aa4 _get_daylight 11 API calls 17254->17256 17258 7ff60f2e0b2a 17256->17258 17260 7ff60f2eb484 _invalid_parameter_noinfo 37 API calls 17258->17260 17260->17263 17263->17203 17263->17204 17266 7ff60f2d868f GetTokenInformation 17265->17266 17267 7ff60f2d8711 __std_exception_copy 17265->17267 17268 7ff60f2d86b0 GetLastError 17266->17268 17269 7ff60f2d86bb 17266->17269 17270 7ff60f2d8724 CloseHandle 17267->17270 17271 7ff60f2d872a 17267->17271 17268->17267 17268->17269 
17269->17267 17272 7ff60f2d86d7 GetTokenInformation 17269->17272 17270->17271 17271->16516 17272->17267 17274 7ff60f2d86fa 17272->17274 17273 7ff60f2d8704 ConvertSidToStringSidW 17273->17267 17274->17267 17274->17273 17276 7ff60f2d8765 17275->17276 17292 7ff60f2e52f8 17276->17292 17280 7ff60f2d2c50 17279->17280 17281 7ff60f2e50a4 49 API calls 17280->17281 17282 7ff60f2d2c9b __scrt_get_show_window_mode 17281->17282 17283 7ff60f2d8bd0 57 API calls 17282->17283 17284 7ff60f2d2cd0 17283->17284 17285 7ff60f2d2cd5 17284->17285 17286 7ff60f2d2d0d MessageBoxA 17284->17286 17287 7ff60f2d8bd0 57 API calls 17285->17287 17288 7ff60f2d2d27 17286->17288 17289 7ff60f2d2cef MessageBoxW 17287->17289 17290 7ff60f2dbe00 _wfindfirst32i64 8 API calls 17288->17290 17289->17288 17291 7ff60f2d2d37 17290->17291 17291->16526 17294 7ff60f2e5352 17292->17294 17293 7ff60f2e5377 17295 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 17293->17295 17294->17293 17296 7ff60f2e53b3 17294->17296 17300 7ff60f2e53a1 17295->17300 17310 7ff60f2e36b0 17296->17310 17298 7ff60f2e5494 17299 7ff60f2eb4ec __free_lconv_mon 11 API calls 17298->17299 17299->17300 17301 7ff60f2dbe00 _wfindfirst32i64 8 API calls 17300->17301 17303 7ff60f2d8788 17301->17303 17303->16522 17304 7ff60f2e54ba 17304->17298 17307 7ff60f2e54c4 17304->17307 17305 7ff60f2e5469 17308 7ff60f2eb4ec __free_lconv_mon 11 API calls 17305->17308 17306 7ff60f2e5460 17306->17298 17306->17305 17309 7ff60f2eb4ec __free_lconv_mon 11 API calls 17307->17309 17308->17300 17309->17300 17311 7ff60f2e36ee 17310->17311 17312 7ff60f2e36de 17310->17312 17313 7ff60f2e36f7 17311->17313 17318 7ff60f2e3725 17311->17318 17315 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 17312->17315 17316 7ff60f2eb3b8 _invalid_parameter_noinfo 37 API calls 17313->17316 17314 7ff60f2e371d 17314->17298 17314->17304 17314->17305 17314->17306 17315->17314 17316->17314 17318->17312 17318->17314 17321 7ff60f2e40c4 17318->17321 17354 7ff60f2e3b10 17318->17354 17391 7ff60f2e32a0 
19718->19721 19719->19717 19720 7ff60f2f9b40 GetCPInfo 19719->19720 19719->19723 19720->19717 19720->19723 19722 7ff60f2ee19c _fread_nolock 12 API calls 19721->19722 19721->19723 19724 7ff60f2f9c24 19721->19724 19722->19724 19723->19715 19724->19723 19725 7ff60f2f01e0 _fread_nolock MultiByteToWideChar 19724->19725 19726 7ff60f2f9c92 19725->19726 19727 7ff60f2f9d74 19726->19727 19728 7ff60f2f01e0 _fread_nolock MultiByteToWideChar 19726->19728 19727->19723 19729 7ff60f2eb4ec __free_lconv_mon 11 API calls 19727->19729 19730 7ff60f2f9cb8 19728->19730 19729->19723 19730->19727 19731 7ff60f2ee19c _fread_nolock 12 API calls 19730->19731 19732 7ff60f2f9ce5 19730->19732 19731->19732 19732->19727 19733 7ff60f2f01e0 _fread_nolock MultiByteToWideChar 19732->19733 19734 7ff60f2f9d5c 19733->19734 19735 7ff60f2f9d62 19734->19735 19736 7ff60f2f9d7c 19734->19736 19735->19727 19738 7ff60f2eb4ec __free_lconv_mon 11 API calls 19735->19738 19743 7ff60f2efa08 19736->19743 19738->19727 19740 7ff60f2f9dbb 19740->19723 19742 7ff60f2eb4ec __free_lconv_mon 11 API calls 19740->19742 19741 7ff60f2eb4ec __free_lconv_mon 11 API calls 19741->19740 19742->19723 19744 7ff60f2ef7b0 __crtLCMapStringW 5 API calls 19743->19744 19745 7ff60f2efa46 19744->19745 19746 7ff60f2efc70 __crtLCMapStringW 5 API calls 19745->19746 19748 7ff60f2efa4e 19745->19748 19747 7ff60f2efab7 CompareStringW 19746->19747 19747->19748 19748->19740 19748->19741 19750 7ff60f2f8af1 19749->19750 19751 7ff60f2f8b0a HeapSize 19749->19751 19752 7ff60f2e5aa4 _get_daylight 11 API calls 19750->19752 19753 7ff60f2f8af6 19752->19753 19754 7ff60f2eb484 _invalid_parameter_noinfo 37 API calls 19753->19754 19755 7ff60f2f8b01 19754->19755 19755->19423 19757 7ff60f2f14b1 19756->19757 19758 7ff60f2f14bb 19756->19758 19759 7ff60f2ee19c _fread_nolock 12 API calls 19757->19759 19760 7ff60f2f14c0 19758->19760 19766 7ff60f2f14c7 _get_daylight 19758->19766 19765 7ff60f2f14b9 19759->19765 19761 7ff60f2eb4ec __free_lconv_mon 11 API calls 19760->19761 
19761->19765 19762 7ff60f2f14cd 19764 7ff60f2e5aa4 _get_daylight 11 API calls 19762->19764 19763 7ff60f2f14fa HeapReAlloc 19763->19765 19763->19766 19764->19765 19765->19427 19766->19762 19766->19763 19767 7ff60f2f41e0 _get_daylight 2 API calls 19766->19767 19767->19766 19769 7ff60f2e9d95 19768->19769 19776 7ff60f2e9d91 19768->19776 19789 7ff60f2f368c GetEnvironmentStringsW 19769->19789 19772 7ff60f2e9da2 19774 7ff60f2eb4ec __free_lconv_mon 11 API calls 19772->19774 19773 7ff60f2e9dae 19796 7ff60f2e9efc 19773->19796 19774->19776 19776->19451 19781 7ff60f2ea13c 19776->19781 19778 7ff60f2eb4ec __free_lconv_mon 11 API calls 19779 7ff60f2e9dd5 19778->19779 19780 7ff60f2eb4ec __free_lconv_mon 11 API calls 19779->19780 19780->19776 19782 7ff60f2ea15f 19781->19782 19783 7ff60f2ea176 19781->19783 19782->19451 19783->19782 19784 7ff60f2ef738 _get_daylight 11 API calls 19783->19784 19785 7ff60f2f01e0 MultiByteToWideChar _fread_nolock 19783->19785 19786 7ff60f2ea1ea 19783->19786 19788 7ff60f2eb4ec __free_lconv_mon 11 API calls 19783->19788 19784->19783 19785->19783 19787 7ff60f2eb4ec __free_lconv_mon 11 API calls 19786->19787 19787->19782 19788->19783 19790 7ff60f2e9d9a 19789->19790 19791 7ff60f2f36b0 19789->19791 19790->19772 19790->19773 19792 7ff60f2ee19c _fread_nolock 12 API calls 19791->19792 19794 7ff60f2f36e7 memcpy_s 19792->19794 19793 7ff60f2eb4ec __free_lconv_mon 11 API calls 19795 7ff60f2f3707 FreeEnvironmentStringsW 19793->19795 19794->19793 19795->19790 19797 7ff60f2e9f24 19796->19797 19798 7ff60f2ef738 _get_daylight 11 API calls 19797->19798 19799 7ff60f2e9f5f 19798->19799 19801 7ff60f2e9fe1 19799->19801 19804 7ff60f2ef738 _get_daylight 11 API calls 19799->19804 19805 7ff60f2e9fd0 19799->19805 19806 7ff60f2f1434 _wfindfirst32i64 37 API calls 19799->19806 19809 7ff60f2ea004 19799->19809 19812 7ff60f2eb4ec __free_lconv_mon 11 API calls 19799->19812 19813 7ff60f2e9f67 19799->19813 19800 7ff60f2eb4ec __free_lconv_mon 11 API calls 19803 7ff60f2e9db6 19800->19803 
19802 7ff60f2eb4ec __free_lconv_mon 11 API calls 19801->19802 19802->19803 19803->19778 19804->19799 19807 7ff60f2ea018 11 API calls 19805->19807 19806->19799 19808 7ff60f2e9fd8 19807->19808 19810 7ff60f2eb4ec __free_lconv_mon 11 API calls 19808->19810 19811 7ff60f2eb4a4 _wfindfirst32i64 17 API calls 19809->19811 19810->19813 19814 7ff60f2ea016 19811->19814 19812->19799 19813->19800 19817 7ff60f2f99e9 __crtLCMapStringW 19815->19817 19816 7ff60f2f7f9e 19816->19475 19816->19476 19817->19816 19818 7ff60f2efa08 6 API calls 19817->19818 19818->19816 20842 7ff60f2fbc14 20845 7ff60f2e5958 LeaveCriticalSection 20842->20845 16085 7ff60f2db390 16086 7ff60f2db3be 16085->16086 16087 7ff60f2db3a5 16085->16087 16087->16086 16090 7ff60f2ee19c 16087->16090 16091 7ff60f2ee1e7 16090->16091 16096 7ff60f2ee1ab _get_daylight 16090->16096 16100 7ff60f2e5aa4 16091->16100 16092 7ff60f2ee1ce RtlAllocateHeap 16094 7ff60f2db41c 16092->16094 16092->16096 16096->16091 16096->16092 16097 7ff60f2f41e0 16096->16097 16103 7ff60f2f4220 16097->16103 16109 7ff60f2ebe68 GetLastError 16100->16109 16102 7ff60f2e5aad 16102->16094 16108 7ff60f2f1298 EnterCriticalSection 16103->16108 16110 7ff60f2ebea9 FlsSetValue 16109->16110 16113 7ff60f2ebe8c 16109->16113 16111 7ff60f2ebebb 16110->16111 16123 7ff60f2ebe99 SetLastError 16110->16123 16126 7ff60f2ef738 16111->16126 16113->16110 16113->16123 16116 7ff60f2ebee8 FlsSetValue 16119 7ff60f2ebef4 FlsSetValue 16116->16119 16120 7ff60f2ebf06 16116->16120 16117 7ff60f2ebed8 FlsSetValue 16118 7ff60f2ebee1 16117->16118 16133 7ff60f2eb4ec 16118->16133 16119->16118 16139 7ff60f2eba98 16120->16139 16123->16102 16132 7ff60f2ef749 _get_daylight 16126->16132 16127 7ff60f2ef79a 16129 7ff60f2e5aa4 _get_daylight 10 API calls 16127->16129 16128 7ff60f2ef77e RtlAllocateHeap 16130 7ff60f2ebeca 16128->16130 16128->16132 16129->16130 16130->16116 16130->16117 16131 7ff60f2f41e0 _get_daylight 2 API calls 16131->16132 16132->16127 16132->16128 16132->16131 16134 7ff60f2eb4f1 
RtlRestoreThreadPreferredUILanguages 16133->16134 16138 7ff60f2eb520 16133->16138 16135 7ff60f2eb50c GetLastError 16134->16135 16134->16138 16136 7ff60f2eb519 __free_lconv_mon 16135->16136 16137 7ff60f2e5aa4 _get_daylight 9 API calls 16136->16137 16137->16138 16138->16123 16144 7ff60f2eb970 16139->16144 16156 7ff60f2f1298 EnterCriticalSection 16144->16156 19943 7ff60f2fba8e 19944 7ff60f2fba9e 19943->19944 19947 7ff60f2e5958 LeaveCriticalSection 19944->19947 20669 7ff60f2d9b8b 20670 7ff60f2d9b9e 20669->20670 20672 7ff60f2d9b91 20669->20672 20671 7ff60f2db640 12 API calls 20670->20671 20670->20672 20671->20672 20298 7ff60f2f2300 20309 7ff60f2f8294 20298->20309 20310 7ff60f2f82a1 20309->20310 20311 7ff60f2eb4ec __free_lconv_mon 11 API calls 20310->20311 20312 7ff60f2f82bd 20310->20312 20311->20310 20313 7ff60f2eb4ec __free_lconv_mon 11 API calls 20312->20313 20314 7ff60f2f2309 20312->20314 20313->20312 20315 7ff60f2f1298 EnterCriticalSection 20314->20315

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF60F2F6995
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2F62E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60F2F62FC
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2EB4EC: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF60F2F3972,?,?,?,00007FF60F2F39AF,?,?,00000000,00007FF60F2F3E75,?,?,00000000,00007FF60F2F3DA7), ref: 00007FF60F2EB502
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2EB4EC: GetLastError.KERNEL32(?,?,?,00007FF60F2F3972,?,?,?,00007FF60F2F39AF,?,?,00000000,00007FF60F2F3E75,?,?,00000000,00007FF60F2F3DA7), ref: 00007FF60F2EB50C
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2EB4A4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF60F2EB483,?,?,?,?,?,00007FF60F2E36AC), ref: 00007FF60F2EB4AD
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2EB4A4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF60F2EB483,?,?,?,?,?,00007FF60F2E36AC), ref: 00007FF60F2EB4D2
                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF60F2F6984
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2F6348: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60F2F635C
                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF60F2F6BFA
                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF60F2F6C0B
                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF60F2F6C1C
                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF60F2F6E5C), ref: 00007FF60F2F6C43
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLanguagesLastPreferredPresentProcessProcessorRestoreThreadTimeZone
                                                                                                                                                                                                                      • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                                                                                                      • API String ID: 1458651798-690618308
                                                                                                                                                                                                                      • Opcode ID: 6ec15ad00ebc81b5713ed5170bbebc68efdd6324f1cef62f169a4dbf8db42b45
                                                                                                                                                                                                                      • Instruction ID: 7e30ded38c19ea709f926d292bae2b9129415cb9a4d6757e2d227f2f24d09b97
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ec15ad00ebc81b5713ed5170bbebc68efdd6324f1cef62f169a4dbf8db42b45
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9CD10422E6C20386EBA4DFA1DA505B93B61FF84794F608135EA0DC7A86DF3CE449C740
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1617910340-0
                                                                                                                                                                                                                      • Opcode ID: ed7bb29f19db96d6df9cef71716606d4f492670f90b16f42eaf9bff86babf69b
                                                                                                                                                                                                                      • Instruction ID: f8e1c05f5825aa343cc7f11ee297e2a3df8ad4e5609774512c9f3ad8d01a5573
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed7bb29f19db96d6df9cef71716606d4f492670f90b16f42eaf9bff86babf69b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10C1D132B28A4385EB50CFA4C5916AC3761FB49BA8F251239DE2EDB794DF38D159C340
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF60F2D153F), ref: 00007FF60F2D79E7
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D7B60: GetEnvironmentVariableW.KERNEL32(00007FF60F2D39FF), ref: 00007FF60F2D7B9A
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D7B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF60F2D7BB7
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2E83CC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60F2E83E5
                                                                                                                                                                                                                      • SetEnvironmentVariableW.KERNEL32 ref: 00007FF60F2D7AA1
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D2B10: MessageBoxW.USER32 ref: 00007FF60F2D2BE5
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                      • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                      • Opcode ID: e057604ef5ae04b1254e96d733363070edff49d948fdfc301b4bb17ef8af4aef
                                                                                                                                                                                                                      • Instruction ID: 242b06f5e327704ccd44d5db4f7bf4ff2ed3f4a3740a8d3d689a8f93d3fd86ec
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e057604ef5ae04b1254e96d733363070edff49d948fdfc301b4bb17ef8af4aef
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E51A021B1D61341FA59A7B6AA222FE5351DF85BC0F784031EE0ECB7D6ED2CE4028740
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                      • API String ID: 0-2665694366
                                                                                                                                                                                                                      • Opcode ID: 212d86a86c8cb6d9fc903fcdabd382662a83ce4cb1445b9d6573bc2018cf14a4
                                                                                                                                                                                                                      • Instruction ID: 4ea2e1d367fefaf1bacb215d74ff644c06eebc43ef816fab48adefe6da884b89
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 212d86a86c8cb6d9fc903fcdabd382662a83ce4cb1445b9d6573bc2018cf14a4
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9952C072A186A68BE7A48F54C558A7E3BA9FF84340F214139E68AC7781DF3DD944CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF60F2F6BFA
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2F6348: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60F2F635C
                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF60F2F6C0B
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2F62E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60F2F62FC
                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF60F2F6C1C
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2F6318: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60F2F632C
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2EB4EC: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF60F2F3972,?,?,?,00007FF60F2F39AF,?,?,00000000,00007FF60F2F3E75,?,?,00000000,00007FF60F2F3DA7), ref: 00007FF60F2EB502
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2EB4EC: GetLastError.KERNEL32(?,?,?,00007FF60F2F3972,?,?,?,00007FF60F2F39AF,?,?,00000000,00007FF60F2F3E75,?,?,00000000,00007FF60F2F3DA7), ref: 00007FF60F2EB50C
                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF60F2F6E5C), ref: 00007FF60F2F6C43
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLanguagesLastPreferredRestoreThreadTimeZone
                                                                                                                                                                                                                      • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                                                                                                      • API String ID: 2248164782-690618308
                                                                                                                                                                                                                      • Opcode ID: 6e110c42c992c942a967616de5e9b20753deb8e2725d4993c570f78644da606e
                                                                                                                                                                                                                      • Instruction ID: ba5bc5379f18d6e525aec9c093682f9db70c593e7b5531ec088f75f7126366f0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e110c42c992c942a967616de5e9b20753deb8e2725d4993c570f78644da606e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0351F632A6C64386E7A4DFB1EA915BA7B60FF48784F604135EA4DC7A92DF3CE4058740
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                      • API String ID: 0-1127688429
                                                                                                                                                                                                                      • Opcode ID: 326cf6427d5bf0e9376a5910f25170e202e1497fb5a723acb88e47d2bece8f14
                                                                                                                                                                                                                      • Instruction ID: 942f8c2174e5fcb79fd42f2eb11df32ed679999e52285a44057de87351fac543
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 326cf6427d5bf0e9376a5910f25170e202e1497fb5a723acb88e47d2bece8f14
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4CF18E62A1C3D68BE7A58B55C588F3A7BADEF45740F254538EA4987391CF3CE580CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                      • API String ID: 0-900081337
                                                                                                                                                                                                                      • Opcode ID: eff0553be1f10ec537251e961509bf2a8d4d677e3d27bfe4c15f043eb5d22666
                                                                                                                                                                                                                      • Instruction ID: 5fc2aa70132939d73c06343d66cd165447a29549896062d17366014664390ae4
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eff0553be1f10ec537251e961509bf2a8d4d677e3d27bfe4c15f043eb5d22666
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5916372A1C2C78BE7A58A55D55CB3E3BADFF45354F224139DA4A866C0CF38E584CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1010374628-0
                                                                                                                                                                                                                      • Opcode ID: b5863b0e76eff850d7b7295b24006a60e5fa0af5a40ac2c01bab6196f7d1e59a
                                                                                                                                                                                                                      • Instruction ID: cf5341d0fe31b1e72224de53a402f6a4193f066117d281ba4adcf01803e74a98
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5863b0e76eff850d7b7295b24006a60e5fa0af5a40ac2c01bab6196f7d1e59a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A02D321F6D643C1FEA4ABA196102792784EF41BA4FB84635DD6DCB3D2EE3CE4258340
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                      • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
                                                                                                                                                                                                                      • API String ID: 2030045667-3833288071
                                                                                                                                                                                                                      • Opcode ID: d55a3bb18525a70b9b2b2557ea207e582d919804bc1eb382b6fe2697bdb01bd8
                                                                                                                                                                                                                      • Instruction ID: f7e77d106ec01eb8aac99eeb7103dde0e9bf1b6f00b49404dbe03ae3947f62e1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d55a3bb18525a70b9b2b2557ea207e582d919804bc1eb382b6fe2697bdb01bd8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1651AA21B9C64782FA119BA1EA102B96391FF44BD4FA44031DE4DC7BE6EF7CE6598700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _fread_nolock$Message
                                                                                                                                                                                                                      • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                      • API String ID: 677216364-1384898525
                                                                                                                                                                                                                      • Opcode ID: 07cc20a2b33aacd18d6664eac90ddf4e3b3ce11355d0cc633b53b8b45052df31
                                                                                                                                                                                                                      • Instruction ID: 73a217d2fec90ed8b0d36f4fedb8e306d59f0bd182bc62e598d6ae6686928a4e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07cc20a2b33aacd18d6664eac90ddf4e3b3ce11355d0cc633b53b8b45052df31
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B51AE72A1D64386EB64DFA4E65017833A0EF48B84F718136DA0CC7BA5DE7CE554CB44
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D3EB0: GetModuleFileNameW.KERNEL32(?,00007FF60F2D39CA), ref: 00007FF60F2D3EE1
                                                                                                                                                                                                                      • SetDllDirectoryW.KERNEL32 ref: 00007FF60F2D3BD5
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D7B60: GetEnvironmentVariableW.KERNEL32(00007FF60F2D39FF), ref: 00007FF60F2D7B9A
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D7B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF60F2D7BB7
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                      • API String ID: 2344891160-1544818733
                                                                                                                                                                                                                      • Opcode ID: 05ccc4608ae1f2b801c553dda0a2b76bbe43c7cfa91e7e1f4e1393a277404af1
                                                                                                                                                                                                                      • Instruction ID: 16eaf37c30bfe70a404c48f6f2de27f2f232e6b031c17df41d1020c8471343ea
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05ccc4608ae1f2b801c553dda0a2b76bbe43c7cfa91e7e1f4e1393a277404af1
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26B19021B1D68741FA65EBE1D6612FD6350FF44784FA00132EA8DC76D6EF2CE9058701
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                      • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                      • API String ID: 2895956056-3524285272
                                                                                                                                                                                                                      • Opcode ID: 3741643826c5352320942fbf43c5de1d0e179915c125a0ccfc2097356f541c1c
                                                                                                                                                                                                                      • Instruction ID: a0fdd35b169d7c0d24983a2ec9c91b5128a15425c9497e5dde604cf053f8258d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3741643826c5352320942fbf43c5de1d0e179915c125a0ccfc2097356f541c1c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E416331A0CB8781EA20DBB4E5552AAB3A4FF95364F600735E6AD83BD5EF7CD0448B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                      • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                      • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                      • Opcode ID: eb50d3103dc817efa6b069c075214c6c92ee31f3f0f975e76922e375200ac054
                                                                                                                                                                                                                      • Instruction ID: 010c4e55295a43e04b0c55b19431653b69215225fa1fe1a8d76ca8b80bcd7b6c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb50d3103dc817efa6b069c075214c6c92ee31f3f0f975e76922e375200ac054
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F51DC22A0C68381FA60AB91A6503BA7391FF84794F684135EE8DC7BD5EF3CE555C700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      • Opcode ID: 238f6c3964800fec6045ce986a1ebb87f5daa1cce848d40dd7ddd8ba0dfe7067
                                                                                                                                                                                                                      • Instruction ID: 284c644fb5c7d5b0689b41e3345d6242627e3759c6c6af4013fa3479ceba4b1d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 238f6c3964800fec6045ce986a1ebb87f5daa1cce848d40dd7ddd8ba0dfe7067
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3C10522A5C78791EB659BE492442BD3B54FF80B84F790135EA4E8B391EF7CE859C340
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 995526605-0
                                                                                                                                                                                                                      • Opcode ID: c918f529801ccb8e1349a05ff73b8df97c3be0731630ba5111e5a5e46b36c5ca
                                                                                                                                                                                                                      • Instruction ID: 19df408d4338420134a36a38f1b9753216cb46c5e90045320a717feabd4d0a54
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c918f529801ccb8e1349a05ff73b8df97c3be0731630ba5111e5a5e46b36c5ca
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71216235A4C64382EB508BA5E64057AB3A0EF857B4F301235DA6DC7BE8DF7CD5498B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8650: GetCurrentProcess.KERNEL32 ref: 00007FF60F2D8670
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8650: OpenProcessToken.ADVAPI32 ref: 00007FF60F2D8681
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8650: GetTokenInformation.KERNELBASE ref: 00007FF60F2D86A6
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8650: GetLastError.KERNEL32 ref: 00007FF60F2D86B0
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8650: GetTokenInformation.KERNELBASE ref: 00007FF60F2D86F0
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8650: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF60F2D870C
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8650: CloseHandle.KERNEL32 ref: 00007FF60F2D8724
                                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00007FF60F2D3B4E), ref: 00007FF60F2D89FC
                                                                                                                                                                                                                      • LocalFree.KERNEL32 ref: 00007FF60F2D8A05
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                      • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PATH_MAX!
                                                                                                                                                                                                                      • API String ID: 6828938-1817031585
                                                                                                                                                                                                                      • Opcode ID: 4a0a64217b4c8618eeaa0cd08dc669878e89b812572458f449172cc44ebe3956
                                                                                                                                                                                                                      • Instruction ID: decf8d19d87f4fcf3ce7199430d619015a564130e02de22217b42626822114f8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a0a64217b4c8618eeaa0cd08dc669878e89b812572458f449172cc44ebe3956
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7217C31A5DB4781FA54ABA0EA152FA6361FF84790FA50132EA4EC3796DF3CE5048780
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF60F2EDAEB), ref: 00007FF60F2EDC1C
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF60F2EDAEB), ref: 00007FF60F2EDCA7
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 953036326-0
                                                                                                                                                                                                                      • Opcode ID: 284863bd4a310ef6da540e9dcdc048057ff4d3a865a35ff47f01b15d00241537
                                                                                                                                                                                                                      • Instruction ID: 5bc2fec3dcdf6f1f03825eace0ca60cca76ddd4ef00a3557e40d69fba433f1ec
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 284863bd4a310ef6da540e9dcdc048057ff4d3a865a35ff47f01b15d00241537
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C91D162E0C65385F7509FB586402BD3BA0FB44B88FB45139DE0E97A84EF78E482C300
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4170891091-0
                                                                                                                                                                                                                      • Opcode ID: 20717f0f8a23f829e42a50c12fade424b7597f0ff0c8303254556571f0db49b3
                                                                                                                                                                                                                      • Instruction ID: 4db8a09afc5f84fe0ca6c352f1ffea603a3d05d9c698deb0e6881eefdadde40b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20717f0f8a23f829e42a50c12fade424b7597f0ff0c8303254556571f0db49b3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2951E772F582138BFB64DFA49A556BC2761FB50358F600235DD1ED2AE6DF3CA4498700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2780335769-0
                                                                                                                                                                                                                      • Opcode ID: c83329a2bd18a21367976a5c4af3d00e11dcc87eb128c326a6acb0b8d0e7847d
                                                                                                                                                                                                                      • Instruction ID: 3d5447d45a628bd6609d7e5207eaeadb806cb3cbef6b5d0149d6d38b54ea13b8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c83329a2bd18a21367976a5c4af3d00e11dcc87eb128c326a6acb0b8d0e7847d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33515A22A286428AFB50DFB1D6513BD37A1EF49B58F384135EE0DCB689EF38D4458700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1279662727-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3251591375-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CreateDirectoryMessage
                                                                                                                                                                                                                      • String ID: Security descriptor is not initialized!
                                                                                                                                                                                                                      • API String ID: 73271072-986317556
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF60F2EB579,?,?,00000000,00007FF60F2EB62E), ref: 00007FF60F2EB76A
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF60F2EB579,?,?,00000000,00007FF60F2EB62E), ref: 00007FF60F2EB774
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1687624791-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2976181284-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60F2E5EF1), ref: 00007FF60F2E600F
                                                                                                                                                                                                                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60F2E5EF1), ref: 00007FF60F2E6025
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1707611234-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF60F2F3972,?,?,?,00007FF60F2F39AF,?,?,00000000,00007FF60F2F3E75,?,?,00000000,00007FF60F2F3DA7), ref: 00007FF60F2EB502
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF60F2F3972,?,?,?,00007FF60F2F39AF,?,?,00000000,00007FF60F2F3E75,?,?,00000000,00007FF60F2F3DA7), ref: 00007FF60F2EB50C
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 588628887-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _fread_nolock
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 840049012-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF60F2EBF86,?,?,?,00007FF60F2EB147,?,?,00000000,00007FF60F2EB3E2), ref: 00007FF60F2EF78D
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,?,00007FF60F2E1304,?,?,?,00007FF60F2E2816,?,?,?,?,?,00007FF60F2E3E09), ref: 00007FF60F2EE1DA
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      • Opcode ID: f6d2080b1b78402d7abe66b145058d3ba054e314cadcac67310d584db64078aa
                                                                                                                                                                                                                      • Instruction ID: db512c5091c6148347bd21331146c08ab959f296da828bb2b36ba53568134cd1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6d2080b1b78402d7abe66b145058d3ba054e314cadcac67310d584db64078aa
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93E0EC61F2C24786FE247AF147C21F82350CF64340F384434EA48CA3C3FD1C688A5621
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressProc
                                                                                                                                                                                                                      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                      • API String ID: 190572456-2208601799
                                                                                                                                                                                                                      • Opcode ID: d06a92813886bac4db22892db141582495630975dbcfbb846e36d04df9038670
                                                                                                                                                                                                                      • Instruction ID: 3eb3f1adf1199299e2e6feefae3fd114ec545431c20018093b9fbc46a49bfcfe
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d06a92813886bac4db22892db141582495630975dbcfbb846e36d04df9038670
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62E1F661AADF0790FA9ACB94EA5017467A6EF08790BB55535C80ECA3A4EF7CF54CC340
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                      • API String ID: 808467561-2761157908
                                                                                                                                                                                                                      • Opcode ID: ee6ddb9c22397a02ef7f89c4ae9451cd5ee51806b236cf38c383584f5dc4b0f7
                                                                                                                                                                                                                      • Instruction ID: 6855a6194ad4e798b99351a6965da9bd21b893fc89483caa4f831025610a7b70
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee6ddb9c22397a02ef7f89c4ae9451cd5ee51806b236cf38c383584f5dc4b0f7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7DB2C672E6C2838BE7A58EA4D6417FD37A1FB54348F645135DA0E97A84DF3CA908CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00007FF60F2D2A3E,?,?,?,?,?,?,?,?,?,?,?,00007FF60F2D101D), ref: 00007FF60F2D8587
                                                                                                                                                                                                                      • FormatMessageW.KERNEL32 ref: 00007FF60F2D85B6
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32 ref: 00007FF60F2D860C
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D29C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF60F2D88E2,?,?,?,?,?,?,?,?,?,?,?,00007FF60F2D101D), ref: 00007FF60F2D29F4
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D29C0: MessageBoxW.USER32 ref: 00007FF60F2D2AD0
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                      • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                      • Opcode ID: 341253ed490ea0d4c0f2cc2c63e3841e2b0994626e2ed60ed720fa43fab6ebbb
                                                                                                                                                                                                                      • Instruction ID: f6b6d6d546e110b017020874bda26c82ed567b37be4f31e1df90f277a9f90b5c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 341253ed490ea0d4c0f2cc2c63e3841e2b0994626e2ed60ed720fa43fab6ebbb
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05216271A1CA4782F7649B91E9542AA63A5FF88784FA40135E68DC3AA4EF3CE109C700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3140674995-0
                                                                                                                                                                                                                      • Opcode ID: f0495aeca64e737fa0ff218dd5454e1fd46196f668a698fc407bc1dcdf963f54
                                                                                                                                                                                                                      • Instruction ID: 649322a3a3d07e31ecb6b653f1282df34c6ed85eb8f283c610b7bf0f936187f1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0495aeca64e737fa0ff218dd5454e1fd46196f668a698fc407bc1dcdf963f54
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05314F72A59B8686EB609FA0E8407EE7364FB84744F54403ADA4E87B98DF7CD64CC710
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2227656907-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: memcpy_s
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1502251526-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 15204871-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                                                      • API String ID: 0-227171996
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: e+000$gfff
                                                                                                                                                                                                                      • API String ID: 0-3030954782
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: gfffffff
                                                                                                                                                                                                                      • API String ID: 0-1523873471
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID: TMP
                                                                                                                                                                                                                      • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: HeapProcess
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 54951025-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: e5e7c7d6f5738ce9ae6dae89df256b28c6339b9d8c2370fd2cf9ecf49eca8280
                                                                                                                                                                                                                      • Instruction ID: 4941ff29c1584e8d40162916b0056efd27367067c98d7c523e0cd433fecb813f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5e7c7d6f5738ce9ae6dae89df256b28c6339b9d8c2370fd2cf9ecf49eca8280
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 89C1A5722241E18BD2C9EB39E56947EB3E1FB88349F94413AEB8747B89C63CE115D710
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 7c9ed06f36b3d533f088c72f27e683e59507fd20484e083b1e58df30cf10ceb8
                                                                                                                                                                                                                      • Instruction ID: 7f9f81b8ed21c5c1d1dec851507b4d46b624e95a1ab2dfa7de3ac12e47895f2c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c9ed06f36b3d533f088c72f27e683e59507fd20484e083b1e58df30cf10ceb8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47B15872A0CA8686EB65CF79C15427C3FA0E749B49F384135CA4E87395EF3AE841C754
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 0e5c34987f7a9ca6c6679c1ebbd58ec90466e7178802fc144f73f7d44e403847
                                                                                                                                                                                                                      • Instruction ID: 9c3c34cc283839fce527918b2d5e3587df27e512991105eb2235bddba8557444
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e5c34987f7a9ca6c6679c1ebbd58ec90466e7178802fc144f73f7d44e403847
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9781E272A0C78246EB74CB79E74036A6B91FB99794F344235DA8D87B89EF3CD4408B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                      • Opcode ID: 4bcb7fea4aa58ec1e83bb0a718aef7bf1dc42f5110259d120146a0bda132328e
                                                                                                                                                                                                                      • Instruction ID: ac935c6db06b63829a7d18fd0113f0361e34b9adafd0619820f8c422ed784b64
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bcb7fea4aa58ec1e83bb0a718aef7bf1dc42f5110259d120146a0bda132328e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D61E722F7C29347FBA489A886506796B91EF40760F340639DA5EC76D5EE7DE8098700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
                                                                                                                                                                                                                      • Instruction ID: 1fc282b735b9fb99f3d5564b88cfe88f0f0671f64291f97f7aea966c6d92a181
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99518036E1C652C6E7248B79C54022833A5EB64B68F348131CE4E877D5EF3AE943C740
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
                                                                                                                                                                                                                      • Instruction ID: 4e22b61a466cc0162aa21744c67053071da99f902eca95ffafdb92a1cc299b30
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29516E76E1C656C6E7248B79C54023837A4EB55B68F345131CE8E977E4EF3AE842C740
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 588628887-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressProc
                                                                                                                                                                                                                      • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                      • API String ID: 190572456-4266016200
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Message_fread_nolock
                                                                                                                                                                                                                      • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
                                                                                                                                                                                                                      • API String ID: 3065259568-2316137593
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                      • String ID: P%
                                                                                                                                                                                                                      • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                      • Opcode ID: 4ec0923ad57b9e26d950b98539eabaaac0ee0779749769c2f3ee915382542b09
                                                                                                                                                                                                                      • Instruction ID: 945d6b17bc4bcba3313be2eadbafa0a10ac4820e6553e954440d84efa4e2fbaa
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ec0923ad57b9e26d950b98539eabaaac0ee0779749769c2f3ee915382542b09
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75510726658BA287D6349F22A0181BAB7A1FB98B61F104135EFCE83684DF3CD049DB10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID: -$:$f$p$p
                                                                                                                                                                                                                      • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                      • Opcode ID: c2e3e1b204f81d5d3111ec2c6225d8aa08a7090ee70090e6a6c227d1fd7f1b68
                                                                                                                                                                                                                      • Instruction ID: 49a4a3cc0bd29460675c9154dd26adf172504e108d5c92cd0cfa0b79e12cc04a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2e3e1b204f81d5d3111ec2c6225d8aa08a7090ee70090e6a6c227d1fd7f1b68
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A712A672E1C24386FB649AB4D2547B977A1FB90750FB44035EAAA876C4FF3CE5809B10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID: f$f$p$p$f
                                                                                                                                                                                                                      • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                      • Opcode ID: f25701e18b7e3b768cc97be4ad67ee6babc8222917340eb79faa42be88ba5edf
                                                                                                                                                                                                                      • Instruction ID: 3842d94931dc22444c2643c959954804a82e9956db4155ad76aaf6c9999ab783
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f25701e18b7e3b768cc97be4ad67ee6babc8222917340eb79faa42be88ba5edf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5312A162F0D14386FB249AF4D2546B973A2FB40754FB84136E69A876C4EF3CE4A0CB51
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                      • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                      • Opcode ID: ff26bd68d0c91c3465c0d56c19f8af7671989bea71c738cd2f134fa52d626a00
                                                                                                                                                                                                                      • Instruction ID: aee5f93d9a6fb2f8cfa9274039d33d50cf1d5c9655c3c2c7466d2475501fde31
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff26bd68d0c91c3465c0d56c19f8af7671989bea71c738cd2f134fa52d626a00
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2531E221B9C64382FA20DBD2EA001BA63A0EF047D4F784432DE4D87E95EE7CE5568740
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                                      • API String ID: 849930591-393685449
                                                                                                                                                                                                                      • Opcode ID: aa0254fa6ad752d1b0b3ebb90ffce52311fa0a6dd2bc18c7a97eb297d781420a
                                                                                                                                                                                                                      • Instruction ID: 7a195a4ffda434ed56e5229d59edf553db9251c9b2df3d35f21a77114c11103c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa0254fa6ad752d1b0b3ebb90ffce52311fa0a6dd2bc18c7a97eb297d781420a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFD1A172A0CB4786EB609FA5D6402AD77A0FF45788F200135EE8E97B96DF38E491C744
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF60F2EFB4A,?,?,0000028884197908,00007FF60F2EB8F7,?,?,?,00007FF60F2EB7EE,?,?,?,00007FF60F2E6A32), ref: 00007FF60F2EF92C
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF60F2EFB4A,?,?,0000028884197908,00007FF60F2EB8F7,?,?,?,00007FF60F2EB7EE,?,?,?,00007FF60F2E6A32), ref: 00007FF60F2EF938
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF60F2D101D), ref: 00007FF60F2D8837
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF60F2D101D), ref: 00007FF60F2D888E
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                      • API String ID: 626452242-27947307
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00007FF60F2D39CA), ref: 00007FF60F2D8D21
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D29C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF60F2D88E2,?,?,?,?,?,?,?,?,?,?,?,00007FF60F2D101D), ref: 00007FF60F2D29F4
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D29C0: MessageBoxW.USER32 ref: 00007FF60F2D2AD0
                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00007FF60F2D39CA), ref: 00007FF60F2D8D95
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                      • API String ID: 3723044601-27947307
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo$_fread_nolock
                                                                                                                                                                                                                      • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                      • API String ID: 3231891352-3501660386
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8BD0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF60F2D2A9B), ref: 00007FF60F2D8C0A
                                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF60F2D79A1,00000000,?,00000000,00000000,?,00007FF60F2D153F), ref: 00007FF60F2D747F
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D2B10: MessageBoxW.USER32 ref: 00007FF60F2D2BE5
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF60F2D74DA
                                                                                                                                                                                                                      • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF60F2D7493
                                                                                                                                                                                                                      • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF60F2D7456
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                      • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                      • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF60F2DE46A,?,?,?,00007FF60F2DD39C,?,?,?,00007FF60F2DCF91), ref: 00007FF60F2DE23D
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF60F2DE46A,?,?,?,00007FF60F2DD39C,?,?,?,00007FF60F2DCF91), ref: 00007FF60F2DE24B
                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF60F2DE46A,?,?,?,00007FF60F2DD39C,?,?,?,00007FF60F2DCF91), ref: 00007FF60F2DE275
                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF60F2DE46A,?,?,?,00007FF60F2DD39C,?,?,?,00007FF60F2DCF91), ref: 00007FF60F2DE2E3
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF60F2DE46A,?,?,?,00007FF60F2DD39C,?,?,?,00007FF60F2DCF91), ref: 00007FF60F2DE2EF
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                      • Opcode ID: 257efbe4257383a3eec37a8e0b20558c4c24ba0fcd14ee08d032d02959c7be2e
                                                                                                                                                                                                                      • Instruction ID: 819227a5d157c1796fe71e10bab889082ad81d180b68caaa8be4b8ed75582e64
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 257efbe4257383a3eec37a8e0b20558c4c24ba0fcd14ee08d032d02959c7be2e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B131A221B5EA4391FE51DB82AA045B923D4FF48BA0F3A4535DD1D8B794EF3CE4848300
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF60F2D2A9B), ref: 00007FF60F2D8C0A
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D29C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF60F2D88E2,?,?,?,?,?,?,?,?,?,?,?,00007FF60F2D101D), ref: 00007FF60F2D29F4
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D29C0: MessageBoxW.USER32 ref: 00007FF60F2D2AD0
                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF60F2D2A9B), ref: 00007FF60F2D8C90
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                      • API String ID: 3723044601-876015163
                                                                                                                                                                                                                      • Opcode ID: 83b31a2985e644c59f7e42e272613087ded70715f2d4689f177d6a205493e17b
                                                                                                                                                                                                                      • Instruction ID: d640647cd2a651334fbc4bde346f7a6b8dd3c2a29e62d6c98a51e64f06cfd6a0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83b31a2985e644c59f7e42e272613087ded70715f2d4689f177d6a205493e17b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E219726B1DA43C1EB50CB69FA400AAA362FF887D4F684531DB5CC3BA9EF6CD5558700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                      • Opcode ID: baf75221cf3cb2a75a3864f5432fe8f182b5ba694cb96a30f85e371a3e3bdce6
                                                                                                                                                                                                                      • Instruction ID: 6bf9c472f0352956085d4292a267feaebd8dff4bfd6cfad8d36a90232c6309ee
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: baf75221cf3cb2a75a3864f5432fe8f182b5ba694cb96a30f85e371a3e3bdce6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F212C24A0C64382FA6DA7F197652796352DF887B0F344635D83ECAAD6EE6CB4018300
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                      • Opcode ID: c684c657c71cc66e393495913d92b804321d58ad0ed46cdbde63fde403b390ba
                                                                                                                                                                                                                      • Instruction ID: 1fc547b89e6b6c0ffbd59fd155e308d2e35c986c2f6addad8bd44310b636d1f5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c684c657c71cc66e393495913d92b804321d58ad0ed46cdbde63fde403b390ba
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC118E21A6CA4686E3948B92E954729B3A0FB88BE4F244234EA1DC7794CF7CD5588744
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF60F2E5AAD,?,?,?,?,00007FF60F2EF79F,?,?,00000000,00007FF60F2EBF86,?,?,?), ref: 00007FF60F2EBE77
                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF60F2E5AAD,?,?,?,?,00007FF60F2EF79F,?,?,00000000,00007FF60F2EBF86,?,?,?), ref: 00007FF60F2EBEAD
                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF60F2E5AAD,?,?,?,?,00007FF60F2EF79F,?,?,00000000,00007FF60F2EBF86,?,?,?), ref: 00007FF60F2EBEDA
                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF60F2E5AAD,?,?,?,?,00007FF60F2EF79F,?,?,00000000,00007FF60F2EBF86,?,?,?), ref: 00007FF60F2EBEEB
                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF60F2E5AAD,?,?,?,?,00007FF60F2EF79F,?,?,00000000,00007FF60F2EBF86,?,?,?), ref: 00007FF60F2EBEFC
                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF60F2E5AAD,?,?,?,?,00007FF60F2EF79F,?,?,00000000,00007FF60F2EBF86,?,?,?), ref: 00007FF60F2EBF17
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                      • Opcode ID: fbb89e8a4f3849118ab777d390619d0313e2fd6ead43936cdcff58d47bc1237b
                                                                                                                                                                                                                      • Instruction ID: 0a31e0adbd02ded236d9657587ca44781cbdb72a7773c76b1bdce92a0a5dffa3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbb89e8a4f3849118ab777d390619d0313e2fd6ead43936cdcff58d47bc1237b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43112E24A0D64382FA6897B197611796392DF887B0F744735E96ECA7D6EF3CA4418700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                      • String ID: Unhandled exception in script
                                                                                                                                                                                                                      • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF60F2D88E2,?,?,?,?,?,?,?,?,?,?,?,00007FF60F2D101D), ref: 00007FF60F2D29F4
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8560: GetLastError.KERNEL32(00000000,00007FF60F2D2A3E,?,?,?,?,?,?,?,?,?,?,?,00007FF60F2D101D), ref: 00007FF60F2D8587
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8560: FormatMessageW.KERNEL32 ref: 00007FF60F2D85B6
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D8BD0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF60F2D2A9B), ref: 00007FF60F2D8C0A
                                                                                                                                                                                                                      • MessageBoxW.USER32 ref: 00007FF60F2D2AD0
                                                                                                                                                                                                                      • MessageBoxA.USER32 ref: 00007FF60F2D2AEC
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                      • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                      • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF60F2EB147,?,?,00000000,00007FF60F2EB3E2,?,?,?,?,?,00007FF60F2E36AC), ref: 00007FF60F2EBF4F
                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF60F2EB147,?,?,00000000,00007FF60F2EB3E2,?,?,?,?,?,00007FF60F2E36AC), ref: 00007FF60F2EBF6E
                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF60F2EB147,?,?,00000000,00007FF60F2EB3E2,?,?,?,?,?,00007FF60F2E36AC), ref: 00007FF60F2EBF96
                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF60F2EB147,?,?,00000000,00007FF60F2EB3E2,?,?,?,?,?,00007FF60F2E36AC), ref: 00007FF60F2EBFA7
                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF60F2EB147,?,?,00000000,00007FF60F2EB3E2,?,?,?,?,?,00007FF60F2E36AC), ref: 00007FF60F2EBFB8
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID: verbose
                                                                                                                                                                                                                      • API String ID: 3215553584-579935070
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                      • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                      • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                      • Opcode ID: 723dedddd72afc6468d282760165df683ca6c1680e5e3aacb3d58d0999c557cb
                                                                                                                                                                                                                      • Instruction ID: 133db78be1bd64e88f5818aaab1c935daf617298224c2f386444d2dafa10c6c3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 723dedddd72afc6468d282760165df683ca6c1680e5e3aacb3d58d0999c557cb
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D517F3290C68386EB748F91975426977A0FF58B88F349135DA8E8BB95CF3CE450C709
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                      • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                      • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                      • Opcode ID: 88149bfc2a28579845b544d32f14f9b1101eddfde92b8430b51e14ba55e9a319
                                                                                                                                                                                                                      • Instruction ID: 74adef3006efd3a1d798322056682d3b53d26f3323e4a5074c5792d324918afa
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88149bfc2a28579845b544d32f14f9b1101eddfde92b8430b51e14ba55e9a319
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A931237262C68791E620EB50E5516EA7364FF847C4FA44036EA8D87A99DF3CD709CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF60F2D39CA), ref: 00007FF60F2D3EE1
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D29C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF60F2D88E2,?,?,?,?,?,?,?,?,?,?,?,00007FF60F2D101D), ref: 00007FF60F2D29F4
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2D29C0: MessageBoxW.USER32 ref: 00007FF60F2D2AD0
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                      • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                      • Opcode ID: a0f4ac4870535fdd3da745cd16929a0880a6c5442cdd0bc39b12d524b6311160
                                                                                                                                                                                                                      • Instruction ID: 04b40d578ea9dd4ff7c63000d94cfb224feafd3a259ca8d3dad3a75add02aba3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0f4ac4870535fdd3da745cd16929a0880a6c5442cdd0bc39b12d524b6311160
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4801A261B2D647C4FAA0E7A0EA253B523A1FF583C4FA00036E84DC6296EE1CE509C700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2718003287-0
                                                                                                                                                                                                                      • Opcode ID: 0a0d81bfe4120ef9cba8412760d98f6ac5c5ee8295e8d3c135a36233c03d6874
                                                                                                                                                                                                                      • Instruction ID: 2ef5f57afceb3422e99eecdf5d0adc1f500deeb88cc414d02750bc34c47f107c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a0d81bfe4120ef9cba8412760d98f6ac5c5ee8295e8d3c135a36233c03d6874
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDD1D072B1CA828AE710CFB5D6402AC37B5FB55798BA44236CE5DD7B99EE38D406C340
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1956198572-0
                                                                                                                                                                                                                      • Opcode ID: b05b5568a63e2e2d0baaa3588e58b47743bee96d0fa3dc0d735729d29a60f88b
                                                                                                                                                                                                                      • Instruction ID: 86619884b6c9ff1cb841b067c223db0414d4bc2445b6d634ad925f6b6db9b2b3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b05b5568a63e2e2d0baaa3588e58b47743bee96d0fa3dc0d735729d29a60f88b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1111A521A5C14782FBD49BE9E7446B96391EF89BC0F688071EA4986BDACE2CD5C54700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID: ?
                                                                                                                                                                                                                      • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                      • Opcode ID: f7308ed130ebcec51d7c207d98fe8ad99d28455c8954ade1b0b7718248787264
                                                                                                                                                                                                                      • Instruction ID: a2e423c85070a9817bacf3a340e2437039584a953e900bbdc593dea2034711a7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7308ed130ebcec51d7c207d98fe8ad99d28455c8954ade1b0b7718248787264
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6412912A2C28342FBA49BA5D60137A6B50EF90BA4F344235EF9D86BD5DF3CD449C700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF60F2E9BB6
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2EB4EC: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF60F2F3972,?,?,?,00007FF60F2F39AF,?,?,00000000,00007FF60F2F3E75,?,?,00000000,00007FF60F2F3DA7), ref: 00007FF60F2EB502
                                                                                                                                                                                                                        • Part of subcall function 00007FF60F2EB4EC: GetLastError.KERNEL32(?,?,?,00007FF60F2F3972,?,?,?,00007FF60F2F39AF,?,?,00000000,00007FF60F2F3E75,?,?,00000000,00007FF60F2F3DA7), ref: 00007FF60F2EB50C
                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF60F2DC125), ref: 00007FF60F2E9BD4
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      • C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe, xrefs: 00007FF60F2E9BC2
Memory Dump Source
• Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
• Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorFileLanguagesLastModuleNamePreferredRestoreThread_invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.32346.10249.exe
                                                                                                                                                                                                                      • API String ID: 2553983749-3978180235
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentDirectory
                                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                                      • API String ID: 1611563598-336475711
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                      • String ID: Error detected
                                                                                                                                                                                                                      • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                      • String ID: Fatal error detected
                                                                                                                                                                                                                      • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                      • Opcode ID: c8cc4bb08b20690d02c8bce5cff6a9b5d4d552f887a177c474232a7ea1470dcf
                                                                                                                                                                                                                      • Instruction ID: fe6af22dd40fe4c4499e2c3d1728330b0347fa1e1d57af3a91647585905c631c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8cc4bb08b20690d02c8bce5cff6a9b5d4d552f887a177c474232a7ea1470dcf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA115E3261CB4582EB61CB65F64026977E4FB88B94F684231DACD47755EF3CC5558700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000000.00000002.3325533771.00007FF60F2D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60F2D0000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325514842.00007FF60F2D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325560848.00007FF60F2FC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F30F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325580297.00007FF60F311000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      • Associated: 00000000.00000002.3325615825.00007FF60F313000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff60f2d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                                      • API String ID: 2595371189-336475711
                                                                                                                                                                                                                      • Opcode ID: 0bb087a2c4c4f6707d1aaf47450714c5cfb5908953c580e39f9c8bdb8a3b6409
                                                                                                                                                                                                                      • Instruction ID: 53adf55ecf998e5f140764ebc655202e69b7830c66fdc36c78aeb4ab5dbad1a7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bb087a2c4c4f6707d1aaf47450714c5cfb5908953c580e39f9c8bdb8a3b6409
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17016762A6C64786FB71DFA0956127E6390EF44708FA41039DA4DCA696EF3CE508CA14
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_free$N_free$N_num_bitsX_freeY_free$N_bn2binX_newY_get_security_bitsmemset
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$pub$tls_construct_server_key_exchange
                                                                                                                                                                                                                      • API String ID: 3722698299-2667473521
                                                                                                                                                                                                                      • Opcode ID: 626e766d1d86412171720e3892c58be924f0bfef9e1e5d2bece696801b47ea8c
                                                                                                                                                                                                                      • Instruction ID: 77284f26ae7d48c030594386866b76bca3e1dda890ecb6d0a37e2833665eb6ed
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 626e766d1d86412171720e3892c58be924f0bfef9e1e5d2bece696801b47ea8c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71627A62F0EE42A6FB94EB61D5516F92B61EF80BC4F406036DD4D87A96CF2CE605CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debugX_new$X_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_enc.c$HMAC$tls-mac-size$tls-version$tls1_change_cipher_state$tls_provider_set_tls_params
                                                                                                                                                                                                                      • API String ID: 1274617517-1172825828
                                                                                                                                                                                                                      • Opcode ID: 5bc5554ddd7bb702f3816a646488489912337c9d1c53e94c9d18e12e20747e55
                                                                                                                                                                                                                      • Instruction ID: dbab3d582898afdd99459499a75fa6e0594d2d6fc057effa0b51381ee2618a07
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5bc5554ddd7bb702f3816a646488489912337c9d1c53e94c9d18e12e20747e55
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2822AE62B0EE86A2EBA49B26D4507B92BA0FF85BD4F406135DE4D83791DF3CE151CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$M_locate_const$M_get_intO_freeO_strdupR_set_debug$M_get_uintR_set_error$O_mallocO_reallocR_pop_to_markR_set_markT_freememset
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$add_provider_groups$tls-group-alg$tls-group-id$tls-group-is-kem$tls-group-name$tls-group-name-internal$tls-group-sec-bits$tls-max-dtls$tls-max-tls$tls-min-dtls$tls-min-tls
                                                                                                                                                                                                                      • API String ID: 1308757171-3546839243
                                                                                                                                                                                                                      • Opcode ID: 86ea7d174c23c41e3b646b7f5f61420212864deee4dbc8d1870a22d55914c849
                                                                                                                                                                                                                      • Instruction ID: 25619ec6a8731c2d7a3f494edba33ac95f9d37ed97d33bade116e683327eafc2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86ea7d174c23c41e3b646b7f5f61420212864deee4dbc8d1870a22d55914c849
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47C18DA1B0FE42A2FF98AB11D4512B92A91EF45BD0F457032E90EC67D6DF2CE841CB15
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
• Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: X509_$L_sk_num$R_newR_set_debugR_set_error$L_sk_value$E_add_certX509_free$E_freeE_newL_sk_popL_sk_pop_freeL_sk_shiftR_clear_errorX509_get_extension_flagsX509_verify_certX_freeX_get1_chainX_initX_new_ex
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_cert.c$Verify error:%s$ssl_build_cert_chain
                                                                                                                                                                                                                      • API String ID: 2450959797-1677813244
                                                                                                                                                                                                                      • Opcode ID: 20a44bfa582ce04fe93a2bcd6272cc775b9b2de793e4efd097d0a21d052496e0
                                                                                                                                                                                                                      • Instruction ID: e6a6daee7158e629298dff9fb70cc3eac1be5a57ab538ad3d4390192b0ed0f1f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20a44bfa582ce04fe93a2bcd6272cc775b9b2de793e4efd097d0a21d052496e0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82A19D62A0FE4263FBA4AF6194156BA2A54EF84BC0F446435EE5EC7796DF3CE4018B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error$O_freeO_zalloc
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_cert.c$gfffffff$ssl_cert_dup
                                                                                                                                                                                                                      • API String ID: 1191937791-1697153846
                                                                                                                                                                                                                      • Opcode ID: e048c4f90e9b58322efc39cd4b2d5113965c750834da7b20b8851709e95ac7b8
                                                                                                                                                                                                                      • Instruction ID: e5026e5f4dcc1859ada4c2aa763a7a4805be5278e507393d6db4ceab3b4ffe2b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e048c4f90e9b58322efc39cd4b2d5113965c750834da7b20b8851709e95ac7b8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65D12A72B0AF42A2EB98DB25E5902F967A0FB44BC4F446036DA5D87785DF3CE560CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeR_newR_set_debug$X509_get0_pubkeyX_freeX_new
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$tls_process_cert_verify
                                                                                                                                                                                                                      • API String ID: 3996869770-4103244874
                                                                                                                                                                                                                      • Opcode ID: 21c14e39f53581607dee5c24061dae1858974fe5b57a8ccbc95ebcdf2cb047e9
                                                                                                                                                                                                                      • Instruction ID: 0b444ab7e11ba588c8ebaef8d070ea01cc0e575b8de091b44bf18c5b12cdae5a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21c14e39f53581607dee5c24061dae1858974fe5b57a8ccbc95ebcdf2cb047e9
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ECE18E66A0FE82A2FB90AB55D8512B92B94EF85BC4F506032DD4DC7796CF3CE6418B01
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_freeX_freeY_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$D:\a\1\s\include\internal/packet.h$tls_process_key_exchange$tls_process_ske_psk_preamble
                                                                                                                                                                                                                      • API String ID: 2275278220-805935579
                                                                                                                                                                                                                      • Opcode ID: 02f673f4080bf3580714c2b16e1f460d9e769273ccbaa9e7faa8bf33657e541d
                                                                                                                                                                                                                      • Instruction ID: 01f084dc563c673dde5113a59cdd90ef4955379d95bd30658b6234abcca37c8f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02f673f4080bf3580714c2b16e1f460d9e769273ccbaa9e7faa8bf33657e541d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08F17BA1B1EE86A1F760AB25D4003FA2B51FF85BC4F506032DA8D876D6EF2CE545CB41
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Digest$Init_exL_cleanseR_newR_set_debug$D_get_sizeFinal_exX_freeX_newY_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions.c$HMAC$ext binder$res binder$tls_psk_do_binder
                                                                                                                                                                                                                      • API String ID: 1272419997-82630564
                                                                                                                                                                                                                      • Opcode ID: 02f9fc24decce5080dfe6d181de6a0d9c870e4517c4ca928424ac1da973334b8
                                                                                                                                                                                                                      • Instruction ID: ba0d657e44d888668e78df5b4e4995617c376b24f784d113949751a819f8f3df
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02f9fc24decce5080dfe6d181de6a0d9c870e4517c4ca928424ac1da973334b8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84F1A076B1EE82A2EBA49B61E8557BA6B51FB857C0F406031DE4D87A95DF3CE104CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$R_newR_set_debug$O_ctrlO_newO_s_fileR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$SERVERINFO FOR $SERVERINFOV2 FOR $SSL_CTX_use_serverinfo_file
                                                                                                                                                                                                                      • API String ID: 1122662597-2528746747
                                                                                                                                                                                                                      • Opcode ID: 3e4dd971dfe5d7fa397b8be01ccea2d88cc2aa5eee9e8a196703b0b199a3efcf
                                                                                                                                                                                                                      • Instruction ID: a2cc8c8041e55c564d5906ff4628263c886b9a4cde0a7bc75804325eace665df
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e4dd971dfe5d7fa397b8be01ccea2d88cc2aa5eee9e8a196703b0b199a3efcf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12B18AA1B0EE42B6FB109B61D9801BD3BA5EF407D4F546036E90D87A99DF3CE685CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$L_sk_pop_free$L_sk_free$M_freeO_free_allX_free$D_lock_freeO_free_ex_dataO_popT_freeX509_X509_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                      • API String ID: 1751156600-1080266419
                                                                                                                                                                                                                      • Opcode ID: b28d7433eed68e8dea00fb52fad3f2c7e52ccf85c73ce903903ebfec524e4716
                                                                                                                                                                                                                      • Instruction ID: ab4a75661dbf864e6874ece2f7ee7982784d6b2a751055d714d11bb193d311a5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b28d7433eed68e8dea00fb52fad3f2c7e52ccf85c73ce903903ebfec524e4716
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80912065B0AE4761EB80AF25C8917B92B15FF85FC9F046036DE0DCF29ADF28E1058B50
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Y_asn1_find_strY_asn1_get0_info$E_fetchH_fetch$D_get_sizeE_freeH_freeR_pop_to_markR_set_mark
                                                                                                                                                                                                                      • String ID: $ $ $ $DSA$ECDH$ECDSA$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512$kuznyechik-mac$magma-mac
                                                                                                                                                                                                                      • API String ID: 4252356852-365409564
                                                                                                                                                                                                                      • Opcode ID: 7caece2b3d371fe002a5019b5f5ffa2af5cf230c7cefdfd470046396768acd30
                                                                                                                                                                                                                      • Instruction ID: 6aec4c264564149a3bc623a4f5b6ac51522741e9e0ed91bd6e0d8f92f74e0d36
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7caece2b3d371fe002a5019b5f5ffa2af5cf230c7cefdfd470046396768acd30
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6E18276A16FA296E7509F34D4816E93BE4FB447D8F082235EE4E86695DF38E091CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • CRYPTO_malloc.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A169276E
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A169277C
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A1692794
                                                                                                                                                                                                                      • EVP_CIPHER_CTX_new.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A16927A4
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A16927E7
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A1692D30
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A1692D48
                                                                                                                                                                                                                      • CRYPTO_free.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A1692D73
                                                                                                                                                                                                                      • EVP_CIPHER_CTX_free.LIBCRYPTO-3(?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A1692D7B
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug$O_freeO_mallocX_freeX_new
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$AES-256-CBC$SHA256$construct_stateless_ticket
                                                                                                                                                                                                                      • API String ID: 1754044936-1960200554
                                                                                                                                                                                                                      • Opcode ID: fe5cb8bc6b8b6e954336717d47a7ce1825645efb7a3d7904fd03fba4c93c735b
                                                                                                                                                                                                                      • Instruction ID: ab38e339b67851befba26fc7b57a2fa2d0171f2534274568142fcf1986f3cf35
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe5cb8bc6b8b6e954336717d47a7ce1825645efb7a3d7904fd03fba4c93c735b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E029162F0EE42A6FB909BA1D4506BD2BA5EF45BC8F406035DD0DD7A95DF2CE506CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_enc.c$ssl3_change_cipher_state
                                                                                                                                                                                                                      • API String ID: 193678381-4073342769
                                                                                                                                                                                                                      • Opcode ID: 77e97a1755068072f82e3dd39b0d164fe1378b2c2ecc5685c17a022b05e49643
                                                                                                                                                                                                                      • Instruction ID: 78f24cf42f74474c7f41c2ac1745f5f8b6b77d75488a75a927585f1ad8ed2080
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77e97a1755068072f82e3dd39b0d164fe1378b2c2ecc5685c17a022b05e49643
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42C18C62E1EE42A2E7D1EB21D514AF92B90EF547C8F446431DD0D87696EF3CE541CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug$O_freeX_freeX_new
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$tls_construct_cert_verify
                                                                                                                                                                                                                      • API String ID: 3285935519-2275373907
                                                                                                                                                                                                                      • Opcode ID: bec4d6259aa3faed7903693683cf0f2093e96f35b05040d1dc8df4e12e3cac20
                                                                                                                                                                                                                      • Instruction ID: 7d4fd73060ab030a29e32442058053ea5ffdad3acfffe6eae72fb595779ae22f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bec4d6259aa3faed7903693683cf0f2093e96f35b05040d1dc8df4e12e3cac20
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5A19661B0EE82A2FB509B52D4512B96B91EF89BC4F546072ED4DCB796EF3CE5018B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: X509_$R_newR_set_debugR_set_error$L_sk_numX_free$D_run_onceL_sk_pop_freeL_sk_valueM_move_peernameM_set1X509_verify_certX_get0_chainX_get1_chainX_get_errorX_initX_new_exX_set0_daneX_set_defaultX_set_ex_dataX_set_flagsX_set_verify_cb
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_cert.c$ssl_client$ssl_server$ssl_verify_cert_chain
                                                                                                                                                                                                                      • API String ID: 374146265-1087352319
                                                                                                                                                                                                                      • Opcode ID: 67301769716e3a631a9ecf5bd14671fd1b2cbb774a5bb158fdea402df5d14953
                                                                                                                                                                                                                      • Instruction ID: 1e3c5dfd284bb4933ff3fd2f30f1bc700a32e84820e6fae446fbb494c88e3db2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67301769716e3a631a9ecf5bd14671fd1b2cbb774a5bb158fdea402df5d14953
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8571A061B0BE4266FB84EF2595506B96BA1EF85BC4F486032DD0DC7B96DF2CE841CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FF8A1684EA5), ref: 00007FF8A1684145
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FF8A1684EA5), ref: 00007FF8A168415D
                                                                                                                                                                                                                      • X509_get0_pubkey.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FF8A1684EA5), ref: 00007FF8A1684185
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FF8A1684EA5), ref: 00007FF8A16841A0
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FF8A1684EA5), ref: 00007FF8A16841B8
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$0$0$RSA$tls_construct_cke_rsa
                                                                                                                                                                                                                      • API String ID: 2988517565-1370622440
                                                                                                                                                                                                                      • Opcode ID: ecd1f2f34ecfcaddde55b832bfb15d662a12f8039f19953d98ea179535a10a33
                                                                                                                                                                                                                      • Instruction ID: 542422fe024b3c0ccf0d2de6361debe1c9746476f1119e810ac0f3f6b67924cb
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecd1f2f34ecfcaddde55b832bfb15d662a12f8039f19953d98ea179535a10a33
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D818D61B1EE42A2F754AB66E8117B92B54EF85BC4F446032DD4CC7A96EF2CE201CB41
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$0$tls-client-version$tls-negotiated-version$tls_process_cke_rsa
                                                                                                                                                                                                                      • API String ID: 193678381-3332223380
                                                                                                                                                                                                                      • Opcode ID: d08302ef40a569010eb004d3f26400ad8e1a2c1adadab102a3c8348c59de2f14
                                                                                                                                                                                                                      • Instruction ID: 9ddf890c858f0fe3495559c0e68062085294421c02fd7f62799c39fcb3418197
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d08302ef40a569010eb004d3f26400ad8e1a2c1adadab102a3c8348c59de2f14
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77A1B162A1EE82A6E790DF25D4016F97B61FF857C4F44A131DA8D87A96DF3CE181CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
• Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_key_share
                                                                                                                                                                                                                      • API String ID: 193678381-3282377310
                                                                                                                                                                                                                      • Opcode ID: e4c32d548a5fb7f5c012ebd0b98307e47396899716ab04757b32bcbd2bcfe083
                                                                                                                                                                                                                      • Instruction ID: af89fd94dc683143f61c278968554ae69a50034ed59cfb0c21ffb59fa9276ac6
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4c32d548a5fb7f5c012ebd0b98307e47396899716ab04757b32bcbd2bcfe083
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92D1A1A2F1FE82A6F790DB21E4157B92B51EF807C1F546432EA4D86AD6DF2CE5418F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_new_nullL_sk_pop_freeR_newR_set_debugX509X509_freeX509_new_exd2i_
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_server_certificate
                                                                                                                                                                                                                      • API String ID: 3085087540-2730446810
                                                                                                                                                                                                                      • Opcode ID: 4484d8c19de585067a13e5cc86f25ebe1c885de7d50b475d7d60abdeaf7e5102
                                                                                                                                                                                                                      • Instruction ID: 5db607cc32c26bb1e993382dbc626452ff2eaaf683da65c501f78f74849d9ce9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4484d8c19de585067a13e5cc86f25ebe1c885de7d50b475d7d60abdeaf7e5102
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2EC1B062A0EE86A6E7609B25D4407FD7B51EB81BC4F10A132DA9C876D6EF3CE541CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$X509_get0_pubkeyX_new_from_pkey
                                                                                                                                                                                                                      • String ID: $..\s\ssl\statem\statem_clnt.c$tls_construct_cke_gost
                                                                                                                                                                                                                      • API String ID: 3869628303-1144584530
                                                                                                                                                                                                                      • Opcode ID: 6be314bb860b616883e18dc6033af123328f5c369e4659ab1dd57f170f7c2bfa
                                                                                                                                                                                                                      • Instruction ID: 8d13d489032bc243791e93afd7efc4f44c917cc39c49ad413cb9091b73209c9b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6be314bb860b616883e18dc6033af123328f5c369e4659ab1dd57f170f7c2bfa
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9915062B1EE82A6FBA4AB21D4557F92A50FF85BC4F406031DD4DCB786EF2DE5008B44
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$D_get_sizeX_get0_md
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\ssl3_record.c$dtls1_process_record
                                                                                                                                                                                                                      • API String ID: 1548276727-2476007939
                                                                                                                                                                                                                      • Opcode ID: 70e4157f76f5ace0469dd6228d09dea0bf92f973694bb9c997b0518180464d9e
                                                                                                                                                                                                                      • Instruction ID: 528aba558f063b5c0d84f678cfee4029ae6806d47229c9f279b431be6bc295ea
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70e4157f76f5ace0469dd6228d09dea0bf92f973694bb9c997b0518180464d9e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12B19072A1AE42A6FB94AF21E4106B92B55FF84BC4F446032DE5EC7695DF3CE451CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$O_freeR_set_debug$D_fetchD_freeO_malloc_time64
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$SHA2-256$resumption$tls_process_new_session_ticket
                                                                                                                                                                                                                      • API String ID: 4294151624-1635961163
                                                                                                                                                                                                                      • Opcode ID: c6e3293670604270eb17b939ecf747f0f53c2528b297dd3ceac71c44ac4c120e
                                                                                                                                                                                                                      • Instruction ID: abc49d3a870f0b48aa72b1884cad1b13e4d15a876c13d97385d451659514c32f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6e3293670604270eb17b939ecf747f0f53c2528b297dd3ceac71c44ac4c120e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4029272A0EE8291E7509F15E4803BD7BA1EB84BC4F14A136DA9D87795EF3CE591CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_new
                                                                                                                                                                                                                      • API String ID: 1552677711-1278568459
                                                                                                                                                                                                                      • Opcode ID: 70ac47f4399532c403a3cd33b4663962d4bed4d87ea2d6c605935e0e27f9bf3b
                                                                                                                                                                                                                      • Instruction ID: 90323ae5c13bf7f835f4d101f92fafd50dc3287af96fe701602245d767ca10ed
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70ac47f4399532c403a3cd33b4663962d4bed4d87ea2d6c605935e0e27f9bf3b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9E12776B06F81A6EB88CF25E5806E877A8FB48B84F185139DF5C8B755DF38E1608710
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$X_freeX_new
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$tls13_save_handshake_digest_for_pha$tls_process_finished
                                                                                                                                                                                                                      • API String ID: 1676177304-1286925996
                                                                                                                                                                                                                      • Opcode ID: ab9d16aef1bff18dc03299cf1dfcf1d2236c1a11ed20585b785e95c486d8f676
                                                                                                                                                                                                                      • Instruction ID: f8f7aaa5d29c6c1d24c137c9cbaf8a9c1a5f1d2bdd37558e1c3f951545f86f0d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab9d16aef1bff18dc03299cf1dfcf1d2236c1a11ed20585b785e95c486d8f676
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8A16C72F0AE42A3FB90EF21D4506B92A50EF84BD4F686036DA4DC7695DF2CE541CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$D_get_size$_time64
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_psk
                                                                                                                                                                                                                      • API String ID: 2926598114-446233508
                                                                                                                                                                                                                      • Opcode ID: a11bef7cbfc6b8b4167c382bae992b6a17244433c9d55fface82dacda65976e8
                                                                                                                                                                                                                      • Instruction ID: f68108ec5ae588e0087daefc08c1f57634b839546bf8155157fdcc738116f300
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a11bef7cbfc6b8b4167c382bae992b6a17244433c9d55fface82dacda65976e8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AE18FA2B0EE42A2F790DB2295447BA6B95EB84BC0F546435ED0DC7E86DF3DE541CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: N_clear_free$R_newR_set_debug$N_num_bitsO_clear_freeO_malloc
                                                                                                                                                                                                                      • String ID: ..\s\ssl\tls_srp.c$srp_generate_client_master_secret
                                                                                                                                                                                                                      • API String ID: 1310426286-3880031085
                                                                                                                                                                                                                      • Opcode ID: 9bb866a29728b13ab4cff180e5e4dbb876ff64fed811af41bf491d10edb5c583
                                                                                                                                                                                                                      • Instruction ID: 92f38ee56b714eedeb78911236e82b0ca7136081b85864d3f7a6fbda97f1a7c3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9bb866a29728b13ab4cff180e5e4dbb876ff64fed811af41bf491d10edb5c583
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C61A362B0FE82A2E758AB12D9406E97B90FB84BD4F446035DE4D87786DF3CE151CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$D:\a\1\s\include\internal/packet.h$ssl_cache_cipherlist
                                                                                                                                                                                                                      • API String ID: 193678381-1442704767
                                                                                                                                                                                                                      • Opcode ID: d0c21b24b6679204923dccf173b4700644f749bcdc9782d7c3f7e7f5cecd7e90
                                                                                                                                                                                                                      • Instruction ID: 7a86f0b15640c3717b7b9113c77cb2da6f09165a1598ed63c6e6203dced0eaaf
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0c21b24b6679204923dccf173b4700644f749bcdc9782d7c3f7e7f5cecd7e90
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C71CF72B0EF82A2EB90DF24E9506F97B95EF44BC4F486035DA4D86A95DF3CE1408B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_value$L_sk_num$L_sk_push$L_sk_findL_sk_free
                                                                                                                                                                                                                      • String ID: SHA2-256
                                                                                                                                                                                                                      • API String ID: 3834244297-3468047183
                                                                                                                                                                                                                      • Opcode ID: 6a6669aac80f61bcfb6dc36e0960d25c5dc77d1462cd483c229eb52a3eea009d
                                                                                                                                                                                                                      • Instruction ID: ede164f791a3e79c3c02f1ef8b4f366175458bfb3854077cae112ce89969fc55
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a6669aac80f61bcfb6dc36e0960d25c5dc77d1462cd483c229eb52a3eea009d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60B1C261F0AE5266FBE49E2694917BA2A94EF84BC4F14A034DD4EC7786DF3CE4418F40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug$O_free$O_memcmpO_strndupmemchr
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_server_name
                                                                                                                                                                                                                      • API String ID: 780431574-4157686371
                                                                                                                                                                                                                      • Opcode ID: 1e41cae742dc45a71ab330bf3361342bb641f24b417ac3ae9a2d3597eddf7618
                                                                                                                                                                                                                      • Instruction ID: 198e1dd42e01f55be0e7b98c172c444fed4e46cebf2398dfef53710953275b6a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e41cae742dc45a71ab330bf3361342bb641f24b417ac3ae9a2d3597eddf7618
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09719FA2F0EE82A6EB609F25D4117B96B90EF857C4F446131DA4DC7A96DF2CE581CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$D_unlock$D_read_lockmemset
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_sess.c$ssl_generate_session_id
                                                                                                                                                                                                                      • API String ID: 2442218550-3346574085
                                                                                                                                                                                                                      • Opcode ID: 412145a54715a9880e32696c3233f7bae94cb3253ad594bcd99eda4b08629361
                                                                                                                                                                                                                      • Instruction ID: cde98f18e807ef78717e9d3031b3e817b4efa6af410dea8a667248bb6b76dfe1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 412145a54715a9880e32696c3233f7bae94cb3253ad594bcd99eda4b08629361
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E618F61F1ED82A6FB94EB25E9946F83B90FF847C4F442031DA0C87A95DF2DE5818B04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_freeO_zalloc
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions.c$gfffffff$gfffffff$gfffffff$gfffffff$tls_collect_extensions
                                                                                                                                                                                                                      • API String ID: 2822291608-2260929820
                                                                                                                                                                                                                      • Opcode ID: cee793ce53fc8cf869ae3a3df744c652f99a34b03a24ff1eb1b27152c51abf72
                                                                                                                                                                                                                      • Instruction ID: e0123175e49d95626b522c751b7b06e764498503f3141e4ae160aa3038399323
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cee793ce53fc8cf869ae3a3df744c652f99a34b03a24ff1eb1b27152c51abf72
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9AC1F522B0AF92A1EB648B16E4107BA7B60FB89BC4F146571DD5ECB694CF3DE441CB01
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug$O_free$Y_freeY_get1_encoded_public_key
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$add_key_share$tls_construct_ctos_key_share
                                                                                                                                                                                                                      • API String ID: 2910640537-2776458525
                                                                                                                                                                                                                      • Opcode ID: 289501a23b5bb92a995857a8392fc14f090a91237d170fe31977079ff10d4a63
                                                                                                                                                                                                                      • Instruction ID: 9eac92c07675bc03b4305f7efcd7ef031030bf96b8275c8bf7869678acae9f8b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 289501a23b5bb92a995857a8392fc14f090a91237d170fe31977079ff10d4a63
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F718F61B0EE92A2E794AB11D5507B92B65EF847C0F442039EE8D83F96DF3CE5419F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$D_unlock$D_read_lockH_retrieve_time64memcmpmemcpy
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_sess.c$ssl_get_prev_session
                                                                                                                                                                                                                      • API String ID: 2856374240-1331951588
                                                                                                                                                                                                                      • Opcode ID: 173691a04dcf30458c2928f0737823dab1cf440cea58ce86c14d5f5c7e43937a
                                                                                                                                                                                                                      • Instruction ID: 17e076aca0f54cf0d43b4955de04e8e6778cfbd2e979c10e4134f5a51017d1ae
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 173691a04dcf30458c2928f0737823dab1cf440cea58ce86c14d5f5c7e43937a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27C1A336A0AE82A2E7959F25D5947B93B64FB88BC8F046131DE4D8B795CF3CE445CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$E_freeX509_Y_free$D_lock_freeL_sk_pop_freeX509_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                      • API String ID: 3478116879-349359282
                                                                                                                                                                                                                      • Opcode ID: 73eeb4c5e27859a205d1f8c0647ef6662eeac154cd29ec974cee8680553f9db9
                                                                                                                                                                                                                      • Instruction ID: afacd12fd022b913f09f8bf5c8f82ede010dcbc0e5015fc8416732b2222a3d61
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73eeb4c5e27859a205d1f8c0647ef6662eeac154cd29ec974cee8680553f9db9
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C316D72B1AE42B2EB84AF25D5802BC7B20FB85BD4F042032DA5D87696CF3CE551CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_freeY_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_ecdhe
                                                                                                                                                                                                                      • API String ID: 110670684-68429018
                                                                                                                                                                                                                      • Opcode ID: 0b607ab7f733bbee8ba7c515808f2c8593eb65f27f81b40e27a977e953ba4c89
                                                                                                                                                                                                                      • Instruction ID: 10f633eb5d6dbadf7d6dac118326f7c18d2822208a39e21f08b374a69d4f79d5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b607ab7f733bbee8ba7c515808f2c8593eb65f27f81b40e27a977e953ba4c89
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA418E61F1EF42A6E790EB25E811AA93B10EF85BC4F442031DD4C83B96EF6CE6458B45
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: J_nid2snO_zallocP_get_digestbyname
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$dane_ctx_enable
                                                                                                                                                                                                                      • API String ID: 481619167-1287278166
                                                                                                                                                                                                                      • Opcode ID: 3af52004187069684ce742329fbe2f7a19dcdc9b05366d6af2321df83390f2ec
                                                                                                                                                                                                                      • Instruction ID: 8bf98bbbee4f29ca21e6db30019b9e33626a2ff945db7b6b9fc18602f22cf2f9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3af52004187069684ce742329fbe2f7a19dcdc9b05366d6af2321df83390f2ec
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8318061B1BF42A3E7859B11E5917B83A94EF45BC0F442039EA4D8BBD6EF2CF5518B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error$O_freeO_strdup
                                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                                      • API String ID: 1111623124-3079590724
                                                                                                                                                                                                                      • Opcode ID: f81a6dad30362f2ac4d5aea5d7ea7990be999d68f5c66084f97cb660a3f56ef9
                                                                                                                                                                                                                      • Instruction ID: cf173069667d646a6b3280d1b187d174f7daddda1439dba3bdb2b970f52a36b9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f81a6dad30362f2ac4d5aea5d7ea7990be999d68f5c66084f97cb660a3f56ef9
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C317C55E2FE4276F7D0AB64D8107F92A11EB467D1FA46031D90DC2AD2DF2CE442CA11
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$Y_free$L_sk_pop_freeO_clear_freememset
                                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                      • API String ID: 4031674668-4238427508
                                                                                                                                                                                                                      • Opcode ID: 176b73d69b66d304dd467131cb222234baed645dd21af7a61a702f1c58830799
                                                                                                                                                                                                                      • Instruction ID: 2d9b947a9864d357cb64a0cdf159f1565062f101bada054becf7cc76eea5cd3d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 176b73d69b66d304dd467131cb222234baed645dd21af7a61a702f1c58830799
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41311E61F0AE47B5EB80AF61D4517A92B21EF45FC4F486032DD0D8B69ACF2DE245CB21
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: $ $..\s\ssl\t1_enc.c$key expansion$tls1_setup_key_block
                                                                                                                                                                                                                      • API String ID: 0-3969574974
                                                                                                                                                                                                                      • Opcode ID: 08aadb7335f0ff2100672982f44246b87d78d62cf04f43cf1e3f4d884858f655
                                                                                                                                                                                                                      • Instruction ID: 00bcb95a083917e194c99a83e5f8eb5f80d2b5b27b999ff448b8883eedde8ac9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08aadb7335f0ff2100672982f44246b87d78d62cf04f43cf1e3f4d884858f655
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23613B32A0AF8192EBA0CF15E4403AD77A8FB84BD4F445136DA8C87B99DF38D545CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$O_mallocmemset
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_d1.c$dtls1_buffer_record
                                                                                                                                                                                                                      • API String ID: 1168073369-935135588
                                                                                                                                                                                                                      • Opcode ID: 76a2201af0d1f3c16cac33060e385449dac4a92ad8880baa11f22c613e71bc0a
                                                                                                                                                                                                                      • Instruction ID: 12e1138627120963c217c3cc4fade5217a3a61caa3710daab99aef1e27c0af10
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76a2201af0d1f3c16cac33060e385449dac4a92ad8880baa11f22c613e71bc0a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2251AF62F1EF8192E754DF35E5402B96B60EB95BC4F04A231EE5D86656EF2CE1818B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$O_memdupR_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_alpn
                                                                                                                                                                                                                      • API String ID: 779157885-56215565
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error$O_malloc
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$tls1_set_groups
                                                                                                                                                                                                                      • API String ID: 1486373724-2893198050
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_freeO_malloc
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_ec_pt_formats
                                                                                                                                                                                                                      • API String ID: 3068916411-1323216733
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug$O_malloc
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_cert_status_body
                                                                                                                                                                                                                      • API String ID: 2635154176-3889181619
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeR_newR_set_debug$Y_freeY_get1_encoded_public_key
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$add_key_share
                                                                                                                                                                                                                      • API String ID: 2306805868-2958431780
                                                                                                                                                                                                                      • Opcode ID: 300fe3fd81b6a603ed009d7315560893192bd927872abdef0a5d5a794492ad7c
                                                                                                                                                                                                                      • Instruction ID: 57854ce17ffabd4d5f2e913520e3a8afdc46e1fe0219f4e692782c86d708b325
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 300fe3fd81b6a603ed009d7315560893192bd927872abdef0a5d5a794492ad7c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8741B462F0EE52A2EB90EB15E4157B92A50EF45BC0F142432EE8C87B96EE2CD5419B44
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_enc.c$ssl3_setup_key_block
                                                                                                                                                                                                                      • API String ID: 0-2303705756
                                                                                                                                                                                                                      • Opcode ID: 4bdbe4bdcdf603a60ae9eec25e2008966699b3bad77e0d30f433085c735f4b17
                                                                                                                                                                                                                      • Instruction ID: 3ba59294ec9b9ce089bac1145904af2734d3d7ebe68be2e9d52839d8674d997c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bdbe4bdcdf603a60ae9eec25e2008966699b3bad77e0d30f433085c735f4b17
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5516E32B0AE85A7E798DF25E1402E9BBA4FB88BC0F401135EB5C87755DF78E1618B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_freeO_memdup
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\include\internal/packet.h$tls_process_next_proto
                                                                                                                                                                                                                      • API String ID: 3243760035-2889161144
                                                                                                                                                                                                                      • Opcode ID: 313a86f849fdb8182494313b6896a954495c3b1bd33ea1e25ab80567406f475c
                                                                                                                                                                                                                      • Instruction ID: 1409db54651506754dce26be7529f991fb6c0eb1fbe850fc0c9d9312c85d1545
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 313a86f849fdb8182494313b6896a954495c3b1bd33ea1e25ab80567406f475c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2041B526B0EF8192E7509F20E4106B9BB60FB997C4F445131EA8C87A56EF7DE2918B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$tls1_set_raw_sigalgs
                                                                                                                                                                                                                      • API String ID: 2261483606-2202831108
                                                                                                                                                                                                                      • Opcode ID: c7a7be04739af81666f37998fa7be6d26dac59b08b6b6dbe981498b13f31d24a
                                                                                                                                                                                                                      • Instruction ID: 34e083d819ab411690843730c803538af4903ea7d67ecfc683a090e116afa74c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c7a7be04739af81666f37998fa7be6d26dac59b08b6b6dbe981498b13f31d24a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D317C72A0EE81A1E760DB12E4017EA7B61EB44BD0F442036DE8D87B85DF3CE440CB10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_freeO_strndup
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_srp
                                                                                                                                                                                                                      • API String ID: 3756839074-732117259
                                                                                                                                                                                                                      • Opcode ID: 03cdf45571fbad5db147449003bd307940cac94ce27e468998315ee4f0b96f7a
                                                                                                                                                                                                                      • Instruction ID: 08eb0ce7360ca8356da882a5242dad406329ec3d9b5d8934690c4144d5eb4540
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03cdf45571fbad5db147449003bd307940cac94ce27e468998315ee4f0b96f7a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7731D561F1EF8262F750AB61E4006BD6B60EB5A7C4F506531EA4C93B86DF2CE6918B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_mallocR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$tls1_set_raw_sigalgs
                                                                                                                                                                                                                      • API String ID: 3414495729-2202831108
                                                                                                                                                                                                                      • Opcode ID: 48df0ff9a5c8b601e9abc75ac6184ce179ce78b09d4434ead5c91468f0998a43
                                                                                                                                                                                                                      • Instruction ID: 551ecd059bb5685456c9e8b8e8a9deab072d5fe4b3eb97d54c1568769f5a587d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48df0ff9a5c8b601e9abc75ac6184ce179ce78b09d4434ead5c91468f0998a43
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2421B021B0EE91A1F740DF12E8412BA3A64EB45FD0F482031EE4D87B86CF3CE4418B11
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_mallocR_pop_to_markX_freeX_new_from_pkeyY_freeY_set_type
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                      • API String ID: 355840433-1643863364
                                                                                                                                                                                                                      • Opcode ID: 3db9531d2b6dc588749f5d3fc88387a9a97764fba650647e6dd075ed364377c7
                                                                                                                                                                                                                      • Instruction ID: c7d52580a862105bdce4b3ab1824ca1c5389ff61e4ce2d4c4515b902b87357b0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3db9531d2b6dc588749f5d3fc88387a9a97764fba650647e6dd075ed364377c7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C31BE32E0AE9292E750DF1595042BE7BA0FF49BD8F446135DE4C87746DF39E5518B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$O_memdupR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_alpn_protos
                                                                                                                                                                                                                      • API String ID: 4248801101-316209205
                                                                                                                                                                                                                      • Opcode ID: b7c938688c6d325370d0a4c2e3031650f5c9fd41a3ff30ded97c274a6cb90f32
                                                                                                                                                                                                                      • Instruction ID: 147374e0d7c5c074167e991752a61ff126497441cb9f0cac453776195335e3d7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7c938688c6d325370d0a4c2e3031650f5c9fd41a3ff30ded97c274a6cb90f32
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D31C4B1F1AE86A2E7948F20E450BA93A95EF45BC5F882035DA4D87F85DF2CE451CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_mallocR_do_allR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$ssl_load_groups
                                                                                                                                                                                                                      • API String ID: 4002791538-4161590727
                                                                                                                                                                                                                      • Opcode ID: 211e2ccf8df930cb033c3dd37044dbf6959cbaf354ce65e5d449bc7e26509adc
                                                                                                                                                                                                                      • Instruction ID: 0d875d6a2c7f9afab47776519470267abfc038c36ad64592146428daa73b7ab4
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 211e2ccf8df930cb033c3dd37044dbf6959cbaf354ce65e5d449bc7e26509adc
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C431E121B0EF42A2EB909B54E4553FA2B91EF457D0F843032DA4E87696DF2DE441CF40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$tls1_save_u16
                                                                                                                                                                                                                      • API String ID: 1304317871-3868075628
                                                                                                                                                                                                                      • Opcode ID: 191a281176afeb264a1d7232f9b2cfbaaed705c110a9ced922615b568f44c63c
                                                                                                                                                                                                                      • Instruction ID: cdaf57b0e9e3aff38384f51de31f2f35915ab680e6edae909179c8010a6211db
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 191a281176afeb264a1d7232f9b2cfbaaed705c110a9ced922615b568f44c63c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F31B322B1EFA2A1E750DB52E5512797B64EB45BD0F486031EA8D83FA6DF3DE540CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_mallocR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_sess.c$SSL_set_session_ticket_ext
                                                                                                                                                                                                                      • API String ID: 3414495729-2771971639
                                                                                                                                                                                                                      • Opcode ID: f23f34f89a976d9e9b64770cafe0cc0ef7e1e1357a16ac855f22630e859f1431
                                                                                                                                                                                                                      • Instruction ID: f4c96187328d395722c5c6ff238f9119c8f4da80529467418dc94aa62a544650
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f23f34f89a976d9e9b64770cafe0cc0ef7e1e1357a16ac855f22630e859f1431
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4131BF22B1AF4191E7909F15E4902A97B60FB85BC4F546032EE4D97B96DF3CD581CB08
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3719493655-0
                                                                                                                                                                                                                      • Opcode ID: e9e299a17f92bc3bf1d1bbd218c08b6f3275528eb021834a0385c894147efa04
                                                                                                                                                                                                                      • Instruction ID: d522e3681509daeb3aa694dde2b3d88b2e96ad8f29636e0e17020c5fae24e87c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e9e299a17f92bc3bf1d1bbd218c08b6f3275528eb021834a0385c894147efa04
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C602F472E1EE42EEE7648B94D8846793EA1FB85BC4F544135D68E867A0EF3CE540CB01
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                                                      • Opcode ID: 8ddad5856ca7d92d08f3a49177604ac729a807c7ded62544596a6cea2bdea3ec
                                                                                                                                                                                                                      • Instruction ID: 9f26d9494ac35cc16eede080422e4a821466e622e8c628b0bf469e0011382cfa
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ddad5856ca7d92d08f3a49177604ac729a807c7ded62544596a6cea2bdea3ec
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98315076A0AE8196EB608F60E8407ED7765FB84788F445039DA8D87BD8EF3CD548CB10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                                                      • Opcode ID: 9daafe3fd501b44f090e0f0f94c25452a803c48a0fb66691fdfbeb57f9bf99a1
                                                                                                                                                                                                                      • Instruction ID: 7e7698bf4f324525ffbad31fedfccf61f287adce92a5f068764139cfd571cd0c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9daafe3fd501b44f090e0f0f94c25452a803c48a0fb66691fdfbeb57f9bf99a1
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C131196261AA81DAEB60CFA0E8503ED7764FB84B84F44403ADA4D47BA4DF3CD648CB04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3 ref: 00007FF8A169BC1A
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3 ref: 00007FF8A169BC32
                                                                                                                                                                                                                      • CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FF8A169BD30
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1699F10: ERR_new.LIBCRYPTO-3(?,?,00007FF8A169BC05), ref: 00007FF8A1699F9D
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1699F10: ERR_set_debug.LIBCRYPTO-3(?,?,00007FF8A169BC05), ref: 00007FF8A1699FB5
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1621CEE: CRYPTO_malloc.LIBCRYPTO-3 ref: 00007FF8A162FC82
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1621CEE: memset.VCRUNTIME140 ref: 00007FF8A162FCB0
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1621CEE: memcpy.VCRUNTIME140 ref: 00007FF8A162FCE5
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1621CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FF8A162FD01
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1621CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FF8A162FD5A
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1621CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FF8A162FDD2
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_clear_free$R_newR_set_debug$O_mallocmemcpymemset
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_key_exchange
                                                                                                                                                                                                                      • API String ID: 1067245891-2687227884
                                                                                                                                                                                                                      • Opcode ID: 7d140191fdaccdb7f5dd66bb854c57b1edeaf98f0ecf9006dd804b52b7453e47
                                                                                                                                                                                                                      • Instruction ID: 6b20e1a9b6543dbd042c1de732efdf5ae9da5dba8913c4014e4de85d11ccc9f0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d140191fdaccdb7f5dd66bb854c57b1edeaf98f0ecf9006dd804b52b7453e47
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36415361F1EE83A2FBE49A25A505BB91B51EF45BC0F586431DD0EC77DACF2CE4418A00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                                      • API String ID: 3755831613-2385383871
                                                                                                                                                                                                                      • Opcode ID: 93cac6a41678e226aac1b9a4fcaede6dd9d2dc2fc62e9267fa342d99650c5162
                                                                                                                                                                                                                      • Instruction ID: 3310c4273fba34155070ffe1c7c60479a3d33fd2e8facfe00c4a5e6b5d91a88e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93cac6a41678e226aac1b9a4fcaede6dd9d2dc2fc62e9267fa342d99650c5162
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9411332A0AF4192EBA4DB15E8402A977A4FB44BD4F515231EA5D83BD6DF2CD941CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_strdupR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_use_psk_identity_hint
                                                                                                                                                                                                                      • API String ID: 598019968-601318550
                                                                                                                                                                                                                      • Opcode ID: 9805dc3135f462e5b1b8f8fa41e784a61d9077c7ea73bfb9628992d08bc5ff00
                                                                                                                                                                                                                      • Instruction ID: f99af5aacc2ff756a5e4a6194f3adc19c36a061f9dacec86933f55f3e782d113
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9805dc3135f462e5b1b8f8fa41e784a61d9077c7ea73bfb9628992d08bc5ff00
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60215361F1AE42A1FB95DB65D8843F82A90EB487C0F546031DB1DCB792DF2CD5918B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$F_parse_listO_mallocO_memdup
                                                                                                                                                                                                                      • String ID: ($..\s\ssl\t1_lib.c
                                                                                                                                                                                                                      • API String ID: 3703324232-198664497
                                                                                                                                                                                                                      • Opcode ID: 1887056e8af1d745cb53f732cd401761057caae5ad505e6df00a298f56d3623d
                                                                                                                                                                                                                      • Instruction ID: aa500a1591e01b4722345bafae378fadcb8f22af346038626c1aebc02ee355b6
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1887056e8af1d745cb53f732cd401761057caae5ad505e6df00a298f56d3623d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59212A72B0AF5292EB509F06F48026A7A69FB85BC4F446035EA8D87F69DF3CD511CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332509922.00007FF8A1500000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332575367.00007FF8A1505000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332575367.00007FF8A1562000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332575367.00007FF8A15AE000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332575367.00007FF8A15B2000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332575367.00007FF8A15B7000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332575367.00007FF8A160F000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332750127.00007FF8A1612000.00000004.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332785685.00007FF8A1614000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4139299733-0
                                                                                                                                                                                                                      • Opcode ID: 968830f3c7c454f9a1bbc9b2f73058001b5b118faf9c477e6b3515fc0b55aa85
                                                                                                                                                                                                                      • Instruction ID: 288ae001514f1ad8ffc0d1439b7ef24682265ee780daa077cc81843b93382e67
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 968830f3c7c454f9a1bbc9b2f73058001b5b118faf9c477e6b3515fc0b55aa85
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9E10072D1ED52EDEB648B94D8946792BA5FB40FC0F140135EA4E876A0EF2CEA41CF01
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_encrypted_extensions
                                                                                                                                                                                                                      • API String ID: 3271392029-215004271
                                                                                                                                                                                                                      • Opcode ID: 8ce280a8271c90e31b8a1fa7b20d500aadcd5e5709fd6478b930b131fb8cb045
                                                                                                                                                                                                                      • Instruction ID: de5e56e2140cbc2a0894559e748626786877d62d4c34487e619f84b60a99a842
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ce280a8271c90e31b8a1fa7b20d500aadcd5e5709fd6478b930b131fb8cb045
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A31E8B2B2DE8196E7508B55F4542AABB94FB847D4F046031EA8D87B49DF7CE1908F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_encrypted_extensions
                                                                                                                                                                                                                      • API String ID: 3271392029-215004271
                                                                                                                                                                                                                      • Opcode ID: 84642ed8a5c43c6971cf398a96a1946f09597fd7e34e33d1b520635109f86f7a
                                                                                                                                                                                                                      • Instruction ID: fc3c0693b382fb96fbc33fb1e1531c4bfabb2e26bac271d0aad076c528948609
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84642ed8a5c43c6971cf398a96a1946f09597fd7e34e33d1b520635109f86f7a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2631B4B2A2EE8191E7509B61E4517BA7B50FB847C4F406135EA8D87A99EF7CD284CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_mallocR_newR_set_debugmemcpy
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$construct_key_exchange_tbs
                                                                                                                                                                                                                      • API String ID: 3542074325-1491770217
                                                                                                                                                                                                                      • Opcode ID: fd5eeb63530773deb51f116d5f9fe9186ce15926bc507d37e824dacb478f9677
                                                                                                                                                                                                                      • Instruction ID: 26d493c7bdb6cbc3dfb3e7ccef8ac3ec21c937f2f4434005940b047a7a3f86b3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd5eeb63530773deb51f116d5f9fe9186ce15926bc507d37e824dacb478f9677
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E215E22E09F81A2E745DF25E9415E96B20FBA8BC4F45A231DF4C53756EF38E2958B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                                      • API String ID: 3755831613-2385383871
                                                                                                                                                                                                                      • Opcode ID: 667439262e8e2320ee444a3f9abe47934b0530f35cbc9dec6e428bd711a76e2b
                                                                                                                                                                                                                      • Instruction ID: b82a3426939622f9120619d96fbbd73fba23dce261447a3c77a8b32359332ae3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 667439262e8e2320ee444a3f9abe47934b0530f35cbc9dec6e428bd711a76e2b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A511B272A19F4192D7849F59F48059876A0FF047C4F996034D60C86681DF39D591CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                                      • API String ID: 3755831613-2385383871
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                                      • API String ID: 3755831613-2385383871
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_ctrl
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3605655398-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeR_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_d1.c$dtls1_process_buffered_records
                                                                                                                                                                                                                      • API String ID: 2314896662-3750322838
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_pop_freeO_freeX509_freeY_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                      • API String ID: 1247630535-349359282
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$L_sk_pop_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                      • API String ID: 1650471521-1527728938
                                                                                                                                                                                                                      • Opcode ID: 1d16ea61a087ecd936b76b3ab7e93c2fe653fc4da016da411b6fce63869865d3
                                                                                                                                                                                                                      • Instruction ID: a5dbe831c904892194460b2d20cedd306a0a6233901d4c7c0b52375b6fa0b10f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d16ea61a087ecd936b76b3ab7e93c2fe653fc4da016da411b6fce63869865d3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69017572B1AE57A6EB90AB15E4502FA3B21FB85BC0F487031E94D87755CF2CE646CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: D_unlock$D_read_lockH_retrievememcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3379989983-0
                                                                                                                                                                                                                      • Opcode ID: 8e7ae663a84b56faa19d743ed503924d82dbd1972720946300b7c3885e37eec5
                                                                                                                                                                                                                      • Instruction ID: f3782fb894c49664d7e0fda22e9039e25565b00d4f4f8742eeef7adcf8205766
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e7ae663a84b56faa19d743ed503924d82dbd1972720946300b7c3885e37eec5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B531D32671AE81A6E7A99B52D5903B97764FB88BC4F046032DE0D87792EF3CE011CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: D_bytes_exO_mallocmemset
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\tls_pad.c
                                                                                                                                                                                                                      • API String ID: 2022753641-3631836059
                                                                                                                                                                                                                      • Opcode ID: 20b6bad2e288fa1953e84d48e46959ade97dca001cf6e78dcd1cc0bfb829beb0
                                                                                                                                                                                                                      • Instruction ID: 6aed0983125b496e7572a954f14695f65050e01e175dee30c44a2f3ae75eb519
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20b6bad2e288fa1953e84d48e46959ade97dca001cf6e78dcd1cc0bfb829beb0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1961F43371AB8556EB65CF22A4107EAAB91F749BC4F086131DE9E87B44EE3CD545CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                      • API String ID: 2581946324-3140652063
                                                                                                                                                                                                                      • Opcode ID: e63d00a5a57e434b55901e15d2f42545ec6046d1d98a35ab01b6fea9addd210f
                                                                                                                                                                                                                      • Instruction ID: be393a714e11090f43d0ea95344417238495d5c6bf732e2ccf8c024c4f143e2f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e63d00a5a57e434b55901e15d2f42545ec6046d1d98a35ab01b6fea9addd210f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CF030A2F1AD0765FF50AB15D8517B42B11EF84BC1F442031DE0DC7A96EE1DE61A8F50
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: H_deleteH_retrieve_time64
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 406310823-0
                                                                                                                                                                                                                      • Opcode ID: f44faae684e3905543eced175f971e84d12effa27430db8e4172456c1a789f59
                                                                                                                                                                                                                      • Instruction ID: f3d8071e2a6306c580bc54433f0384553675790e90fe21f7d33264f916e651a0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f44faae684e3905543eced175f971e84d12effa27430db8e4172456c1a789f59
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C51A162B0BE9256EBA5DF259691BB92B90EF85BC4F046430DD0DC7B85EF3CE4408B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: D_unlockD_write_lockH_deleteH_retrieve
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3040165603-0
                                                                                                                                                                                                                      • Opcode ID: 1264aed688649fc5d984454ab535d63e39123a0c34262f812993d95212bfc915
                                                                                                                                                                                                                      • Instruction ID: 2f0c34b6661ecfa1447ef1989c1660e4a288972ea7b78148c976af0482eb6203
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1264aed688649fc5d984454ab535d63e39123a0c34262f812993d95212bfc915
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E118621B1BF5256EB94AF1696442796795FF45FC4F086031FE0D8B79ADF2CE8004B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1622590: CRYPTO_malloc.LIBCRYPTO-3 ref: 00007FF8A16638E4
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1622590: ERR_new.LIBCRYPTO-3 ref: 00007FF8A16638F1
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1622590: ERR_set_debug.LIBCRYPTO-3 ref: 00007FF8A1663907
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1622590: ERR_set_error.LIBCRYPTO-3 ref: 00007FF8A1663917
                                                                                                                                                                                                                      • CRYPTO_zalloc.LIBCRYPTO-3 ref: 00007FF8A16284FD
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: EVP_PKEY_free.LIBCRYPTO-3 ref: 00007FF8A162E636
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: EVP_PKEY_free.LIBCRYPTO-3 ref: 00007FF8A162E64D
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A162E689
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: OPENSSL_sk_pop_free.LIBCRYPTO-3 ref: 00007FF8A162E69C
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A162E6B5
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FF8A162E6D5
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A162E6EE
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A162E707
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A162E728
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A162E741
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A162E75A
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A162120D: memset.VCRUNTIME140 ref: 00007FF8A162E776
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$Y_free$L_sk_pop_freeO_clear_freeO_mallocO_zallocR_newR_set_debugR_set_errormemset
                                                                                                                                                                                                                      • String ID: ..\s\ssl\d1_lib.c
                                                                                                                                                                                                                      • API String ID: 445347627-490761327
                                                                                                                                                                                                                      • Opcode ID: 1acdab9e15928da1d64fcba7980c42116a4c9422e6309fbbdb823abab4f3acb7
                                                                                                                                                                                                                      • Instruction ID: 80d2ebf09900c0b4bc7a6a209863147de23ca58678a4fc2af7653210a1241a64
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1acdab9e15928da1d64fcba7980c42116a4c9422e6309fbbdb823abab4f3acb7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05319861F1AE5291E7D89B25A5513B926D4EF48BC0F082035EF5EC7786DF2CE4A0CB10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_memdup
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                      • API String ID: 3962629258-2868363209
                                                                                                                                                                                                                      • Opcode ID: 83ba57ea2f63e5d25bc25b3a12f57e5ab8c16677182ba9d2e40e584531579eb6
                                                                                                                                                                                                                      • Instruction ID: 8e3f449d2a3fc456dd98ab75a430c1d93b09620e10618323ca05a54869c0821c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83ba57ea2f63e5d25bc25b3a12f57e5ab8c16677182ba9d2e40e584531579eb6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3018861F0EF8191E7918B15A5902A96698FF58FC4F086131ED5C87B49DF2CD5518B04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_memdup
                                                                                                                                                                                                                      • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                      • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                      • Opcode ID: a85e3e8a24e4eeb428877a109fc4a13ce6daae351462691f4826fbe199c60bae
                                                                                                                                                                                                                      • Instruction ID: 728ba994da0d8adf3376d9bcb96b91742fc091c72157f7f9c9f293d57ff057df
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a85e3e8a24e4eeb428877a109fc4a13ce6daae351462691f4826fbe199c60bae
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D101DA3270AF8291EB909F12E8856997BA8FB58BC0F089435EF8C87B55DF3CD5518B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_strndup
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_asn1.c
                                                                                                                                                                                                                      • API String ID: 2641571835-3659835543
                                                                                                                                                                                                                      • Opcode ID: b4a55b767f0d97bc12d72e71db74bbd55fe75f9d40200b1de7e2156741271c11
                                                                                                                                                                                                                      • Instruction ID: 359de2364ea7b5386cdf99386da018a7bf0685bea8ca8085134ade58d1652575
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4a55b767f0d97bc12d72e71db74bbd55fe75f9d40200b1de7e2156741271c11
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F016D32B1AE5191EB809F5AF5403A96B60FB48FC4F086032FE5E93B49DF2CD5618B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_memdup
                                                                                                                                                                                                                      • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                      • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                      • Opcode ID: b1ba4f676e7cba9f2f2b58de4d4b341a4c05a7496b7e0e1d6a7617de362f3e5d
                                                                                                                                                                                                                      • Instruction ID: 67e33c224f55bfa07c06d75b9a89a1df95893f53fe147cf32f1804d24bee9bb7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1ba4f676e7cba9f2f2b58de4d4b341a4c05a7496b7e0e1d6a7617de362f3e5d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D012C3270AF9291EB509F12E8806997BA8FB58BC0F189435EF8C87B59DF3CD5518B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_strndup
                                                                                                                                                                                                                      • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                      • API String ID: 2641571835-2521442236
                                                                                                                                                                                                                      • Opcode ID: 3225c35bf251e626e4139bc26850fbb057844e1e254e5c67df70bb6ce82af30e
                                                                                                                                                                                                                      • Instruction ID: fcd38ca1d283cfbb0e818eb6b1214fad4a1438c5427fa470219588fb27a09d43
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3225c35bf251e626e4139bc26850fbb057844e1e254e5c67df70bb6ce82af30e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BBF08C36B0AE4291EB409B56E8956EC2B64EB4CBC4F449036EF0C87759CE2CD6658B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeX_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                      • API String ID: 2813942177-1643863364
                                                                                                                                                                                                                      • Opcode ID: 16a88570ee957e735644bdec5540f278f8c09d8907a1b7211975a298b9296d0f
                                                                                                                                                                                                                      • Instruction ID: bbff2f374c63ddd4081af2c392096cb3246fae4c04e9f36648ad71d15ece58b5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16a88570ee957e735644bdec5540f278f8c09d8907a1b7211975a298b9296d0f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94E01251F4FD0261FB94BB66A8622B81A81DF85BC0F447031ED0ECAB83EF1CA5504F14
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_cleanseO_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                                      • API String ID: 4015144264-837614940
                                                                                                                                                                                                                      • Opcode ID: 21cc41989528223854c270181327ac9470844c24f6d2dda4b5d884cfa4c49853
                                                                                                                                                                                                                      • Instruction ID: 440f3ae089089a7db26b8bdd5dad6f2c9c1bc539a43c0d62704349b3d9956c72
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21cc41989528223854c270181327ac9470844c24f6d2dda4b5d884cfa4c49853
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9E09B92B07E8151F790AB6DC4857A41A50EF44BC8F081230DD0C8F797CF5AD586CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1624FA0: CRYPTO_free.LIBCRYPTO-3(?,?,?,?,?,00007FF8A162412F), ref: 00007FF8A1625094
                                                                                                                                                                                                                      • CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A1624146
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                                      • String ID: ..\s\crypto\packet.c
                                                                                                                                                                                                                      • API String ID: 2581946324-3021818708
                                                                                                                                                                                                                      • Opcode ID: 17d06eb9d22a5cd07f8da9464462154e8f599e77b3caf41af0fe62863e58ac01
                                                                                                                                                                                                                      • Instruction ID: e8663bd2f151bbc537e347aa82adda1491d6bc2e2ca0b743d59b00d70cb1ece2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17d06eb9d22a5cd07f8da9464462154e8f599e77b3caf41af0fe62863e58ac01
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3BF096B2F1AE0251EB909B25A8447792AA1EF987D1F643030E90CC7785DF6CD891CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                      • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                      • Opcode ID: a0ea09f7b4caa632463648e6a5a3eac89013ff4ec3887a629b3c32d42dcac195
                                                                                                                                                                                                                      • Instruction ID: 6ee472abb3d47b282c64a24970d1a8a6abc3a79e00e538a04bd3a0891ee7b3af
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0ea09f7b4caa632463648e6a5a3eac89013ff4ec3887a629b3c32d42dcac195
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2DF08251F1ED42A1EF84AB16F5412BD5651EF88FC4F486031EE0D8BB8BEE2CD8914B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                                                      • API String ID: 2581946324-2721125279
                                                                                                                                                                                                                      • Opcode ID: a5a9ce0d2f9ab63b190a741bd0a683601dce4693582931fbc251ceb44882c340
                                                                                                                                                                                                                      • Instruction ID: df294bceca29493fd4f661710d881011516284633bbc5c19b568c5dd8a135d4c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5a9ce0d2f9ab63b190a741bd0a683601dce4693582931fbc251ceb44882c340
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FF0B432B29E51A0EB845B24F5402696B65FB88FC4F596030FA4E97749DF38D540CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                      • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                      • Opcode ID: 496e81ba4a152e5f5996a1ac003a677bc8841543c4498346642b06517555573c
                                                                                                                                                                                                                      • Instruction ID: 2317c0576fe1e4d48b5473fc4b00d26b1425553020ebe4e8ed2d0f6993c8ec1f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 496e81ba4a152e5f5996a1ac003a677bc8841543c4498346642b06517555573c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44E05BA2F0BE409EE7859B65D8053D43698FB0CB85F841030ED4CC7741EF58C7518B14
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_clear_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                      • API String ID: 2011826501-1839494539
                                                                                                                                                                                                                      • Opcode ID: a3fd00c98839b7e8c1664afbc487672423ed4b4892010f20281f31aa65610e19
                                                                                                                                                                                                                      • Instruction ID: e6aad3da6cc243f076874a07e3c7997cf5eff0bd5b999c0c2ac416511373d647
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3fd00c98839b7e8c1664afbc487672423ed4b4892010f20281f31aa65610e19
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FAE0C232B0AE4582D7819B65EC003E826A8FB0CF88F481031E90CCB751EE28C7938780
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                      • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                      • Opcode ID: 19486f1f70c6fc214faf183a925b9ec0f1369ca687dbcddd0267e641ce2128b8
                                                                                                                                                                                                                      • Instruction ID: fd4d4950eb44b7b9199356617f0be886429c0d31a32a7549c122c01f1df87b99
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19486f1f70c6fc214faf183a925b9ec0f1369ca687dbcddd0267e641ce2128b8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EFE05EA2F07F409AE7C2AB65D8453D83698EB4DF85F581031DE4CCB782EE69C7918B14
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                      • API String ID: 2581946324-4238427508
                                                                                                                                                                                                                      • Opcode ID: 6350cf16a9c0d126380f3fa9b0e1836d1dc1cf503f95eea3ecfac14a546e38b6
                                                                                                                                                                                                                      • Instruction ID: a213754ea4fd707324708e5892ba81b1adb148e6e9f2cf3f94657f819e70e100
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6350cf16a9c0d126380f3fa9b0e1836d1dc1cf503f95eea3ecfac14a546e38b6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAE08622B09F4191E740AF15F4402986725E781BE4F1C5032DF0C4BA49CE79D082D711
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                                      • API String ID: 2581946324-837614940
                                                                                                                                                                                                                      • Opcode ID: 3a461e82d920eee6affc8a1e166abff8fe390424ca01de1d863dacd1067ef0e7
                                                                                                                                                                                                                      • Instruction ID: aa4ff971482743cc473483a93753a44121c018cb0eb0911dc2d8d184495298e9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a461e82d920eee6affc8a1e166abff8fe390424ca01de1d863dacd1067ef0e7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CD0A7A3F09D01A1EB407F21DC013A43761EB48B84F499030D50CC7B42DE2D99448B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1724170673-0
                                                                                                                                                                                                                      • Opcode ID: dba52de233cc2b69350f587698fd3148d50166bd7fb018036490d9ced0c3ceee
                                                                                                                                                                                                                      • Instruction ID: 47af348ab4af641f7a680528a94a52f847be6b62e754a28f2ffd037f8ef7b914
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dba52de233cc2b69350f587698fd3148d50166bd7fb018036490d9ced0c3ceee
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1D02B12F0DD8152EB805752FD042E56750EF48BC8F186030FA4CC3FA7ED18D9510A00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_ctrl
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3605655398-0
                                                                                                                                                                                                                      • Opcode ID: 712598ef7f4895992ec25f55054b047b431da229c4788b431bfd6fb2788ab58a
                                                                                                                                                                                                                      • Instruction ID: 66db921974f590c96d95281fb530b14ba4c3eaf4a08714155efe6863af1f34ce
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 712598ef7f4895992ec25f55054b047b431da229c4788b431bfd6fb2788ab58a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95F0BEB3D0FD92E7E7A44F18D8514F92BA0EF447C4F092032DA4C8A186DE2D75468E42
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: D_run_once
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1403826838-0
                                                                                                                                                                                                                      • Opcode ID: 001cd4771d6f2b870f5e2e680b4ac14c104d7506a7621e2cc91e670adcdf643c
                                                                                                                                                                                                                      • Instruction ID: eef1dbb73e40d030012cc391eee00637dfd498615a25e8ebb7b77563e51651f5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 001cd4771d6f2b870f5e2e680b4ac14c104d7506a7621e2cc91e670adcdf643c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8E0EC28F1FD83A6FB85AB28EC616752AA0EF513D0F906139E41DC25D1DE1CE9158F40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: D_run_once
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1403826838-0
                                                                                                                                                                                                                      • Opcode ID: 3967ec2dced1998402e64a30c320066bae59fdba63e2d9367f86d3e407c5ac3e
                                                                                                                                                                                                                      • Instruction ID: aae66816abb4780589c6e794a21ace149d8b31170a919dafd5d43be6b288f256
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3967ec2dced1998402e64a30c320066bae59fdba63e2d9367f86d3e407c5ac3e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8D0C919F1FC47B2FB806B29E8551B42A11EF803C0FD06032D01DC7AA2EE1CE6168F80
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$X_new$D_get_typeO_ctrlO_freeX_copy_exX_freeX_get0_md
                                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_enc.c$ssl3-ms$ssl3_digest_cached_records$ssl3_final_finish_mac
                                                                                                                                                                                                                      • API String ID: 2271831671-3843019499
                                                                                                                                                                                                                      • Opcode ID: 07ec13ae754f00028e371ea3bc23f730fb5e1292ed5802f981742417ff24f751
                                                                                                                                                                                                                      • Instruction ID: 11f71e1a325031fcee5233980038299dcea85b9136ab663809544f22d022502e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07ec13ae754f00028e371ea3bc23f730fb5e1292ed5802f981742417ff24f751
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B281B062E0EE46A6F7A0AF6599516FA2B50EF857C4F40A031DE4DC7692EF3CE1458B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: $..\s\ssl\statem\extensions_srvr.c$HMAC$SHA2-256$tls_construct_stoc_cookie
                                                                                                                                                                                                                      • API String ID: 193678381-1087561517
                                                                                                                                                                                                                      • Opcode ID: dfede8cc067dcd9ddb4b34bd0b789483d7e2bf23318d8c82cad3df1b5b3ef3f1
                                                                                                                                                                                                                      • Instruction ID: f20808360730771a06b994bed5c72b8794ecec7cc38dfed3a46e16b0398930e6
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dfede8cc067dcd9ddb4b34bd0b789483d7e2bf23318d8c82cad3df1b5b3ef3f1
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8D16AA1F0EE53A1FBA4AA6295503F92B99EF417C4F486031DD0DC7A86DF3CE9058B50
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugX509_free$R_clear_error$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$use_certificate_chain_file
                                                                                                                                                                                                                      • API String ID: 2477526543-3764335005
                                                                                                                                                                                                                      • Opcode ID: 5cf115f32ab416de79ec18a0b08a4b2ebfcdbafdfbd672d3ad137a6a6e6872f0
                                                                                                                                                                                                                      • Instruction ID: 5790f62c94be3d716395c6d841adb60d7305887ca5d78167644ac52cee0c8924
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5cf115f32ab416de79ec18a0b08a4b2ebfcdbafdfbd672d3ad137a6a6e6872f0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5818062F0FE4262FB90AA66E6516B92B91EF847C0F546431ED4DC7796DF3CE4418E00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A1651315
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A1651333
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A1651358
                                                                                                                                                                                                                      • ERR_set_error.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A1651369
                                                                                                                                                                                                                      • EVP_MD_get0_name.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A16513C5
                                                                                                                                                                                                                      • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A1651440
                                                                                                                                                                                                                      • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A1651472
                                                                                                                                                                                                                      • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A16514A6
                                                                                                                                                                                                                      • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A16514DA
                                                                                                                                                                                                                      • OSSL_PARAM_construct_octet_string.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A1651511
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: M_construct_octet_string$R_set_debug$D_get0_nameR_newR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_enc.c$TLS1-PRF$digest$secret$seed$tls1_PRF
                                                                                                                                                                                                                      • API String ID: 2018442406-343031646
                                                                                                                                                                                                                      • Opcode ID: c676d91a42975e093c3893dccd350d3384cb2f496cb7855e3cc3ed93ac919d5c
                                                                                                                                                                                                                      • Instruction ID: 1790aebc43c3b817899d0f224ae6a955af97a90de1f2e5655b4288306814db2a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c676d91a42975e093c3893dccd350d3384cb2f496cb7855e3cc3ed93ac919d5c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9B18F62A0DFC6A6E761DF24D8416E97B60FB997C8F006132EE4D57656EF38E184CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FF8A165D7CC), ref: 00007FF8A165E23B
                                                                                                                                                                                                                      • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FF8A165D7CC), ref: 00007FF8A165E3E7
                                                                                                                                                                                                                      • BIO_puts.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FF8A165D7CC), ref: 00007FF8A165E3FD
                                                                                                                                                                                                                      • BIO_puts.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FF8A165D7CC), ref: 00007FF8A165E415
                                                                                                                                                                                                                      • BIO_printf.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FF8A165D7CC), ref: 00007FF8A165E24F
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A165DBC0: BIO_printf.LIBCRYPTO-3(?,00007FF8A165B04A), ref: 00007FF8A165DC04
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A165DBC0: BIO_printf.LIBCRYPTO-3(?,00007FF8A165B04A), ref: 00007FF8A165DC1F
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_printf$O_indentO_puts
                                                                                                                                                                                                                      • String ID: KeyExchangeAlgorithm=%s$UNKNOWN$UNKNOWN CURVE PARAMETER TYPE %d$dh_Ys$dh_g$dh_p$explicit_char2$explicit_prime$named_curve: %s (%d)$point$psk_identity_hint$rsa_exponent$rsa_modulus
                                                                                                                                                                                                                      • API String ID: 3310571797-1380109711
                                                                                                                                                                                                                      • Opcode ID: 47121956bf6636675cfb9b2e70c2587bc754de3f6f9d9fe41b36e48461540114
                                                                                                                                                                                                                      • Instruction ID: e2d522f8815a8177f6cfb12416767142147a5ad8f9d327847280e0408ce3bef7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47121956bf6636675cfb9b2e70c2587bc754de3f6f9d9fe41b36e48461540114
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71A1E022B0AE96A5EF64CB11E5051EABF52FB443E0F446132DA8D83B94EF3CE514CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem.c$state_machine
                                                                                                                                                                                                                      • API String ID: 1370845099-1722249466
                                                                                                                                                                                                                      • Opcode ID: 9309f1701a42d567f2b256d78ef444061abe5330f80f315c89d8de48205de333
                                                                                                                                                                                                                      • Instruction ID: 6cd5b0fe3004997839c842988ca05961d5a7b22f3809cc103173641a0839e16b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9309f1701a42d567f2b256d78ef444061abe5330f80f315c89d8de48205de333
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51A183A2E0EE42A6F7A4AE25C4407B82B95EF40BC4F146431D90DC6AD5DF3CE889CF41
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_key_share
                                                                                                                                                                                                                      • API String ID: 193678381-166674739
                                                                                                                                                                                                                      • Opcode ID: 3d54f432a21c69ec89392fa1055242ed499851da1c9f716241028e5d558cc84c
                                                                                                                                                                                                                      • Instruction ID: f0333b34861df2729a0c61f1a94586e8c57e9d4ee99a316dc59f95b985cd9acf
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d54f432a21c69ec89392fa1055242ed499851da1c9f716241028e5d558cc84c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE91A1E1E0EE9261F760AB2195003FA2B90EF417C4F14A132ED5D97ADACF3CE5819B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$Y_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_cke_dhe
                                                                                                                                                                                                                      • API String ID: 2633058761-3621362005
                                                                                                                                                                                                                      • Opcode ID: a7444e1bcfd5410f9eda6f28be5c046faa39b1ff1ce0c85e3c02d84bef2eb252
                                                                                                                                                                                                                      • Instruction ID: ea13fc856cf3b2630af975b954a73477f909636a00c1500a44704fc93a717eb8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7444e1bcfd5410f9eda6f28be5c046faa39b1ff1ce0c85e3c02d84bef2eb252
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18416D61B4EE42A6FB90AF61E8412B97A51EF85BC4F946031DD4D87BD2CF3CE5418B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: strncmp$R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_ciph.c$ECDHE-ECDSA-AES128-GCM-SHA256$ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384$ECDHE-ECDSA-AES256-GCM-SHA384$SUITEB128$SUITEB128C2$SUITEB128ONLY$SUITEB192$check_suiteb_cipher_list
                                                                                                                                                                                                                      • API String ID: 1930259724-1099454403
                                                                                                                                                                                                                      • Opcode ID: cd731b4d236905a648258da8a9046f31ad121a3fa299a8f54cbee44a92dc2aeb
                                                                                                                                                                                                                      • Instruction ID: a7d3cfff8057f19ad8f291f21d5fb64d51695825dc86bbb9cf5ae7fd70162425
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd731b4d236905a648258da8a9046f31ad121a3fa299a8f54cbee44a92dc2aeb
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE416B72A0AE16AAEB108F25E8543B92BB0EF44BC4F516435EA0EC3690DF7CE554CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_PrivateKey_file
                                                                                                                                                                                                                      • API String ID: 1899708915-420668618
                                                                                                                                                                                                                      • Opcode ID: 48d8b9773a2c88f75f51598071bf54a82af255aa8e467cc2acd19f51dbe07e4f
                                                                                                                                                                                                                      • Instruction ID: 821ef30cf147dc223793deab4c1fa6183f70a41044d305413792545fc328019a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48d8b9773a2c88f75f51598071bf54a82af255aa8e467cc2acd19f51dbe07e4f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6141A165B0EE42B2F790EB61E5401B92B91EF887C0F545036EA4E87796DF3CE5858B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newX_ctrl$R_get_flagsR_set_debugX_get0_cipher$O_test_flags
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_write_bytes
                                                                                                                                                                                                                      • API String ID: 2309317691-176253594
                                                                                                                                                                                                                      • Opcode ID: 608755934d9bf44955aa4b124b746fd5c25db4abe21bd61a4c9f5f6bae83f1e4
                                                                                                                                                                                                                      • Instruction ID: 08357fe9eb9f1e794cf43b797a8af604886786e4f98815211d5edcbc3d823020
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 608755934d9bf44955aa4b124b746fd5c25db4abe21bd61a4c9f5f6bae83f1e4
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8029E32A0AF92A6EB549F25D4047B97BA5EB40BC8F182435DE9E87789DF3CD445CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$set_client_ciphersuite
                                                                                                                                                                                                                      • API String ID: 193678381-554836899
                                                                                                                                                                                                                      • Opcode ID: 082852eaa4545fd18bcd26e35a9720c01327232d50b215c10cc8444968067bd4
                                                                                                                                                                                                                      • Instruction ID: 2f892e3f43ae7f5d1c6efe7592aa6f618035d5113883a442bb311a6444bd8914
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 082852eaa4545fd18bcd26e35a9720c01327232d50b215c10cc8444968067bd4
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D971A222B1EE42A2E790DB29E450BA92B60EF94BC4F446431DA0DC7796DF2DE581CF10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error$L_sk_freeL_sk_new_nullstrchrstrncmp
                                                                                                                                                                                                                      • String ID: ..\s\ssl\d1_srtp.c$ssl_ctx_make_profiles
                                                                                                                                                                                                                      • API String ID: 4085728402-118859582
                                                                                                                                                                                                                      • Opcode ID: aaf1646f3a62ad21456d25cce2090d56c4c5a22c7e010551de2a734122597230
                                                                                                                                                                                                                      • Instruction ID: 2c285cac81ad10d22ecbd783acd6680266a4f97da0a96696bab7c78c78902c5f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aaf1646f3a62ad21456d25cce2090d56c4c5a22c7e010551de2a734122597230
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0151A621F0EE5666FB909B5598043B95A92EF857C4F58A035DA0DC7786DF3DE842CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_ctrlO_freeX_new
                                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_enc.c$ssl3_digest_cached_records
                                                                                                                                                                                                                      • API String ID: 1193811298-2469352020
                                                                                                                                                                                                                      • Opcode ID: 43e815efb65d38c7e64137c6eb2279c1eb4f9ee1dbb63ea130a37c332dd7cdcd
                                                                                                                                                                                                                      • Instruction ID: f57732e0a84890f0a12de911439b85954a7f2cedf4bf7946832dccaeaeb64dc5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43e815efb65d38c7e64137c6eb2279c1eb4f9ee1dbb63ea130a37c332dd7cdcd
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0418562F1AE42A2E7D0EB25E8517F92B60EF857C4F446431DE1D87796DF2CE5418B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error$Y_new
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_use_RSAPrivateKey
                                                                                                                                                                                                                      • API String ID: 2166683265-3086726788
                                                                                                                                                                                                                      • Opcode ID: bab1bec70d920d2d97ef317d1af5101b29c9bb31922f33ea0e015d75f102d1b8
                                                                                                                                                                                                                      • Instruction ID: 144111f6f7898d24de9694bc40fabf90b8652a20d8a420d0d0bcd47811744f71
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bab1bec70d920d2d97ef317d1af5101b29c9bb31922f33ea0e015d75f102d1b8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3219151F1DE42A2EB84FB25A5416F92A91EF487C4F442031EA0DC7A97DF2CE5518F44
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$ErrorLastO_ctrlO_readO_test_flagsmemmove
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
                                                                                                                                                                                                                      • API String ID: 3874383451-4226281315
                                                                                                                                                                                                                      • Opcode ID: aa1306b907f0a60105fa8245bf3acb7055e7537e273dc0fc9e794c988f6488c0
                                                                                                                                                                                                                      • Instruction ID: e75d61cf4c993ab91a27bb2803e5de5d4c45d3e4c6dde67b1ae65482db47e000
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa1306b907f0a60105fa8245bf3acb7055e7537e273dc0fc9e794c988f6488c0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2391B032A0AE82A2FB549F25D4447FD2A92EF40BD8F546235DD9E87A85DF3CD445CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$No groups enabled for max supported SSL/TLS version$tls_construct_ctos_supported_groups
                                                                                                                                                                                                                      • API String ID: 193678381-1756869798
                                                                                                                                                                                                                      • Opcode ID: bde02f0962528dc0103f7043ecc4e5bcf07b5367a5abc03eade461fd0d1deccf
                                                                                                                                                                                                                      • Instruction ID: a20287aa89a5d96a5f02824b63692289ff03e63e457c0eef1b20559948498144
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bde02f0962528dc0103f7043ecc4e5bcf07b5367a5abc03eade461fd0d1deccf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F717B61B1EA42A6E7A0AB21E5147BA2B94FB807C0F546431ED4D83E95DF3CE941CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_use_srtp
                                                                                                                                                                                                                      • API String ID: 193678381-2011129389
                                                                                                                                                                                                                      • Opcode ID: cda6b17325c25f55826df3d482aa3eaf75a8f004de69729d7c52e706c4deef64
                                                                                                                                                                                                                      • Instruction ID: 0886b10456dc6597cf2773822d63f447535deffb82ef6a4af058a6d50f69ff4f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cda6b17325c25f55826df3d482aa3eaf75a8f004de69729d7c52e706c4deef64
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB510762F1EE81A5F794EB21E8426B97B91EB84BC0F446431DA5D83BD2DF2CD450CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                                                                                                                                                                      • API String ID: 0-3323778802
                                                                                                                                                                                                                      • Opcode ID: 4651f9304f928a120d65a6319c096456dc08bb9da44e5e29710f57218babbb76
                                                                                                                                                                                                                      • Instruction ID: 3282529cedbbe4445f51c821f425627ff0fce2c06fc4cf2c12b878d2c5e4d9de
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4651f9304f928a120d65a6319c096456dc08bb9da44e5e29710f57218babbb76
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2918FB2B0AE46A6FB509F25D4443B93B91EF40BC8F546136DA0D87A95DF3DE44ACB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: D_get0_nameL_cleanseM_construct_endM_construct_utf8_stringQ_macR_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\tls13_enc.c$HMAC$finished$properties$tls13_final_finish_mac
                                                                                                                                                                                                                      • API String ID: 3095186593-1708336846
                                                                                                                                                                                                                      • Opcode ID: af18fa756789c274b3b3a1e54d06f580342a60447abe8ce4d354cffc70d2804c
                                                                                                                                                                                                                      • Instruction ID: 7536d0764f7ab49b7c394738e9aefd9a4d8ee12b67e44634d187eb1e056a8b5f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: af18fa756789c274b3b3a1e54d06f580342a60447abe8ce4d354cffc70d2804c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79513926A0EF81A1E7619F15E4403EAABA0FB897C4F446135EE8D87655EF3CD145CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_numR_newR_set_debug$L_sk_valueX509_i2d_
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$construct_ca_names
                                                                                                                                                                                                                      • API String ID: 3903125282-2826361722
                                                                                                                                                                                                                      • Opcode ID: 285981e61e004816dbb9b16cab13b0df3e1f35ece717fb701980015777df0768
                                                                                                                                                                                                                      • Instruction ID: 6e6fde2ced26eba9ceb2a24baf135853db521b13cf54756d05462ab0f68b45b5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 285981e61e004816dbb9b16cab13b0df3e1f35ece717fb701980015777df0768
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E418D61F0EE4262F794EF61A851AB92A90EF847C0F446431DD4DC7B96EF3CE5428B50
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                                      • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                      • API String ID: 1004266020-3528878251
                                                                                                                                                                                                                      • Opcode ID: e137c4df389990c5a9a21068d71ec4bd9f1f5f629e3135641d4b6df1e85db6eb
                                                                                                                                                                                                                      • Instruction ID: e2978bad2c71e7362c53d27c01a4d1f7cb4e65d78f1fffbb4a86296ba6a7fd12
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e137c4df389990c5a9a21068d71ec4bd9f1f5f629e3135641d4b6df1e85db6eb
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86414C25A1AE43EAEB149B92AD502396BA1EF89FC4F844435DD8E4B774DF2DE504CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                                      • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                      • API String ID: 2663085338-4141011787
                                                                                                                                                                                                                      • Opcode ID: add460568a9d1c321712bb5147273f608b5f9d3d354c2af16ef8b130cf552b0c
                                                                                                                                                                                                                      • Instruction ID: 58ba14747dc4fd6f9b211097485d939d011777683bb4602e3055ed13e16b495c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: add460568a9d1c321712bb5147273f608b5f9d3d354c2af16ef8b130cf552b0c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6312F21A1FE03EDFB555BA1DC182782AA9EF49FC0F445130C94E4AAB9DF2EE5458F04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: D_get_sizeM_construct_endM_construct_intM_construct_size_tR_get_flagsR_newR_set_debugX_set_params
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_enc.c$tls-mac-size$tls-version$tls_provider_set_tls_params
                                                                                                                                                                                                                      • API String ID: 1278172236-1717005874
                                                                                                                                                                                                                      • Opcode ID: aeafcc585b247771c187dc6c6223e216a4160d861bc743f35f86da3f8ebb6239
                                                                                                                                                                                                                      • Instruction ID: b38351096b9571cf26f789626a99bb5c1b017c83220810b82925919c711777f8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aeafcc585b247771c187dc6c6223e216a4160d861bc743f35f86da3f8ebb6239
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46316412E0DF85A2F7619F29E4113F96B60FF997D4F406231EA8C92656EF2CE1858F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                                      • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                      • API String ID: 1723213316-3528878251
                                                                                                                                                                                                                      • Opcode ID: 025cf2f54ec276396d0a7968d769eabc86fa008e19f08a8f88334a8dd4c17f12
                                                                                                                                                                                                                      • Instruction ID: d8ff1847c07965eca021f687bdac6411964e5dabf4e27df01c6fb734284c82f4
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 025cf2f54ec276396d0a7968d769eabc86fa008e19f08a8f88334a8dd4c17f12
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C51A2A1E0EE43EAFB608B969D906792E90EF56FC0F445131D94D8BAA1DF2CE5018F01
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                      • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                                      • API String ID: 1318908108-4056541097
                                                                                                                                                                                                                      • Opcode ID: 2823727cef0efb3ce9469779fe86a85a3ff59357854e65c552545a8d892084ba
                                                                                                                                                                                                                      • Instruction ID: 5a295d8450d9a6c670ba782cf9d33435b5e3069cf321d729a5e07c02c8e0d155
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2823727cef0efb3ce9469779fe86a85a3ff59357854e65c552545a8d892084ba
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6641E562A0AE82E9EB21CB54EC143B92BA1FF49FD4F550231C95E47AE4DF2CD545CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$R_set_errorX509_get0_pubkey
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$ssl3_check_cert_and_algorithm
                                                                                                                                                                                                                      • API String ID: 1177010120-269904252
                                                                                                                                                                                                                      • Opcode ID: ad2b624be1fa20cbc1b696e33adc93b7df3f1bbc7dc6cc1908df224225188a24
                                                                                                                                                                                                                      • Instruction ID: 7d7048092b01469fc4c01ba8e1cc19635c11b547d8a308331f30bd2767b7db52
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad2b624be1fa20cbc1b696e33adc93b7df3f1bbc7dc6cc1908df224225188a24
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2417565F1EE42A2EB909B25E4457F92B54EF84BD4F442032EE0D87796DF2CE9818B10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_ctrl$O_freeO_newO_s_fileR_clear_last_markR_pop_to_markR_set_markX_freeY_free
                                                                                                                                                                                                                      • String ID: PEM
                                                                                                                                                                                                                      • API String ID: 753178889-379482575
                                                                                                                                                                                                                      • Opcode ID: 6fc056982ae95b5d7ca7b5471f986af6973d1fc74c47926725e2afadc22b9d02
                                                                                                                                                                                                                      • Instruction ID: 7ca704bc929d5769cdbd4676e6079adb4790f9ecd7061f51914e791eca51fd9d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6fc056982ae95b5d7ca7b5471f986af6973d1fc74c47926725e2afadc22b9d02
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8415E32A0AE52A2FB519F16A41027A7B91EF94BC0F086135EE8DC7B95DF3DE4119B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_read_early_data
                                                                                                                                                                                                                      • API String ID: 1552677711-1193762697
                                                                                                                                                                                                                      • Opcode ID: e0887a0330d3f20f76b57b849052d306993ff746fc90524e766ae11b4388de1f
                                                                                                                                                                                                                      • Instruction ID: 0d9bf6839945daf49ba04503d002d8fd4adceac65ed85ce030a8afd7dd4293a3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e0887a0330d3f20f76b57b849052d306993ff746fc90524e766ae11b4388de1f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F41C165B1EE42A6F3A09B61A9917B93A94FB407C4F642038EA4DC66D6CF3CE400CF14
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
• Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_ctrlO_free_allO_method_typeO_newO_nextO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_set_rfd
                                                                                                                                                                                                                      • API String ID: 1876162228-2433761532
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error$X509_freeX509_new_ex
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_certificate_ASN1
                                                                                                                                                                                                                      • API String ID: 756758628-2599344068
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_valueX509_get0_pubkeyX509_get_extension_flagsX509_get_signature_infoY_get_security_bits
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3095628011-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_supported_groups
                                                                                                                                                                                                                      • API String ID: 193678381-425071466
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$tls_process_change_cipher_spec
                                                                                                                                                                                                                      • API String ID: 193678381-3810074443
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_printf$O_indent
                                                                                                                                                                                                                      • String ID: EncryptedPreMasterSecret$GOST-wrapped PreMasterSecret$GostKeyTransportBlob$KeyExchangeAlgorithm=%s$dh_Yc$ecdh_Yc$psk_identity
                                                                                                                                                                                                                      • API String ID: 1715996925-113291103
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_puts$O_indent
                                                                                                                                                                                                                      • String ID: No extensions$extensions, extype = %d, extlen = %d$extensions, length = %d
                                                                                                                                                                                                                      • API String ID: 3358443131-3081145182
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_numL_sk_value
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_use_srtp
                                                                                                                                                                                                                      • API String ID: 557030205-2899248626
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_numL_sk_pop_free$L_sk_new_reserveL_sk_valueR_newR_set_debugR_set_errorX509_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$ssl_dane_dup
                                                                                                                                                                                                                      • API String ID: 641917998-780499551
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_puts$O_printf
                                                                                                                                                                                                                      • String ID: Master-Key:$%02X$RSA $Session-ID:
                                                                                                                                                                                                                      • API String ID: 4098839300-1878088908
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_new_nullL_sk_popL_sk_pushR_newR_set_debugR_set_errorT_free
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$ct_move_scts
                                                                                                                                                                                                                      • API String ID: 678090195-2572802885
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                                      • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                      • API String ID: 4245020737-4278345224
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_enable_ct$SSL_CTX_set_ct_validation_callback
                                                                                                                                                                                                                      • API String ID: 1552677711-3272436952
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_ctrl$X_get0_cipher$D_get_sizeR_get_flagsR_get_modeX_get0_mdX_get_block_size
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3427282322-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 190073905-0
                                                                                                                                                                                                                      • Opcode ID: 5dafe5ee96a40d1e6b25b2608b6efe82eb1d3eb2d2b490ba319fff0bfd4bd6c8
                                                                                                                                                                                                                      • Instruction ID: 7de7a5053fc0bb4b3d3dc46eb351ba112104dcee90dc47f19990db7406c176fc
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5dafe5ee96a40d1e6b25b2608b6efe82eb1d3eb2d2b490ba319fff0bfd4bd6c8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F817C21E1AA43EEF7549BD59C412796E98EF85FC0F544035E90D436B6DF2CE9458E00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_freeO_new
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 4227620691-0
                                                                                                                                                                                                                      • Opcode ID: 43d71860d8a2d91c31a17df31cca4b0bb0712ab537f37b3cb6bc1110c295d612
                                                                                                                                                                                                                      • Instruction ID: a86aa0a12e7471bce67398789b251d8bf55845e73aef41550b5ee4979fcb986a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43d71860d8a2d91c31a17df31cca4b0bb0712ab537f37b3cb6bc1110c295d612
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B217E40F1FE4262FBD4AB5265512B91A90EF95BC4F042034EE0ECBB86EF2CE4019F04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newmemcpy$R_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$CLIENT_RANDOM$tls_construct_finished
                                                                                                                                                                                                                      • API String ID: 3909032045-3711601257
                                                                                                                                                                                                                      • Opcode ID: 2daf00a0d195b6ab514bc9670e8ac29359be2fc999cccec05943c87e8496043c
                                                                                                                                                                                                                      • Instruction ID: 1069fa71ef0459f4d0f623122a0e5c085da80fb393c682f3e6ad9f0dcdb6822f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2daf00a0d195b6ab514bc9670e8ac29359be2fc999cccec05943c87e8496043c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73516432A0AE42A2E790DF15D4487A82B94EB48FC8F142076DE4DCB7D6EF39D540CB50
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_client_certificate
                                                                                                                                                                                                                      • API String ID: 193678381-1244782752
                                                                                                                                                                                                                      • Opcode ID: 5d4b049b2e399e1bc7ff9165c8190d6e6d377a2c720afd3264b13be3c32e569e
                                                                                                                                                                                                                      • Instruction ID: 98b40c9f70d6efcb17efee415d4010a3766147e7fc60643ff238e0c6ef60595c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d4b049b2e399e1bc7ff9165c8190d6e6d377a2c720afd3264b13be3c32e569e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14416362F1EE82A6E790AB65E454BF82A50EF45BC4F446432D94CC7696EF2CE580CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$ErrorLastO_write
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_write_pending
                                                                                                                                                                                                                      • API String ID: 433171503-1219543453
                                                                                                                                                                                                                      • Opcode ID: c1c8ba7d274d9aa46f4e5d84af80b84f7eafb345f57b49a33298fbfcd96b1805
                                                                                                                                                                                                                      • Instruction ID: 0e7c2cf2ef31b5f2c386dbc7a20b3bf0317518c1aaf71b22506c770025e190f4
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1c8ba7d274d9aa46f4e5d84af80b84f7eafb345f57b49a33298fbfcd96b1805
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7419E72A0BF51A2EBA8DF25D4446A83BA8FB44BC4F185135DA1E83795DF3CE451CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_ctrlR_newR_set_debugmemcpy
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$TLS 1.3, client CertificateVerify$TLS 1.3, server CertificateVerify$get_cert_verify_tbs_data
                                                                                                                                                                                                                      • API String ID: 152836652-3760622993
                                                                                                                                                                                                                      • Opcode ID: 6f100608704ad0428f70d84cbd234f9857d8460254c058f1d7cbb5ef1a6ce72d
                                                                                                                                                                                                                      • Instruction ID: 8aced6b1ab746ec8828f2fdd63b2d46c3eefade829ab463a9d5f29dd5d48564b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f100608704ad0428f70d84cbd234f9857d8460254c058f1d7cbb5ef1a6ce72d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0541C662B0EE81A2E750CF14D4406BC7BA0FB95BC8F44A132DA8CC7691EF2CE591CB11
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_supported_versions
                                                                                                                                                                                                                      • API String ID: 193678381-3987601604
                                                                                                                                                                                                                      • Opcode ID: 7ba4750e1c74470d2e0daaec028f359f114185f9f11d48a545ee9f69c5bc47c2
                                                                                                                                                                                                                      • Instruction ID: 5402f5b95bbbad2e8274d2bad4ff00d5b53f3d8682ac1db504d94735a374c1c7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ba4750e1c74470d2e0daaec028f359f114185f9f11d48a545ee9f69c5bc47c2
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA317391F0ED42A2F760AB11E5453B95A51EF857C4F542031EA4CC7EDADF2DE9429F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_early_data
                                                                                                                                                                                                                      • API String ID: 193678381-731786359
                                                                                                                                                                                                                      • Opcode ID: 1d93924b52c67e1adcc36704bd84b3098c826f76818c3dee5ce5d281e9a85cac
                                                                                                                                                                                                                      • Instruction ID: 33d1658fe022e5dad8076666965f64475b0250a60b355891a20ffe1b0853350a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d93924b52c67e1adcc36704bd84b3098c826f76818c3dee5ce5d281e9a85cac
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B231B1A2F0FD42A6F7959B20D4197F83A90DB447C5F942032D90D826C2DF2CA9D1CF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ($..\s\ssl\ssl_lib.c$ssl_start_async_job
                                                                                                                                                                                                                      • API String ID: 1552677711-1319532896
                                                                                                                                                                                                                      • Opcode ID: 4531f297435977068fc41978c83a305b3a19b3c147982f5094811f45cda28054
                                                                                                                                                                                                                      • Instruction ID: d9896d7cb953c4a4fc0dd40e9aa3be741c7ee6fc15fd8908735443252b35419b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4531f297435977068fc41978c83a305b3a19b3c147982f5094811f45cda28054
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36319371A0EE52A2E7509F54E5843E93AA4EB047D8F281135EA5C877D9CF3CE440CF44
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_end_of_early_data
                                                                                                                                                                                                                      • API String ID: 193678381-3379596787
                                                                                                                                                                                                                      • Opcode ID: d56d42069174aa5c7f1f1e05a148f614193e7bb520e3ed8a3438be9a4e44f38f
                                                                                                                                                                                                                      • Instruction ID: 7feb1057c482b81cca8fe4dd4129a2fbcea5d5a546d3ffda0471e1291ddda8df
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d56d42069174aa5c7f1f1e05a148f614193e7bb520e3ed8a3438be9a4e44f38f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1218C62F1AD42A7F794EB70D805BF82A50EF847C0F986431DA0DC66C2DF6CA585DB41
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
• Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_num$L_sk_value
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_set_cipher_list
                                                                                                                                                                                                                      • API String ID: 1603723057-1252523853
                                                                                                                                                                                                                      • Opcode ID: 0cdc888642a4c7ec4b4db4ee68f31cf0bed92deb90d71d28f91530e20ff43650
                                                                                                                                                                                                                      • Instruction ID: 779f5acc07e83b90c47d59b415dba59dcfcf165631a13cb748029ddbab19f3ef
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0cdc888642a4c7ec4b4db4ee68f31cf0bed92deb90d71d28f91530e20ff43650
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8921B362B1AE9192E740EB19E4902F966A0EF847C4F541035EB4CC77A2DF3DD5428F04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_num$L_sk_value
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_cipher_list
                                                                                                                                                                                                                      • API String ID: 1603723057-1814062246
                                                                                                                                                                                                                      • Opcode ID: 3d304f5563a97701548db3dfe9b26dbf5cd5e5ff3eb041c5f35f6c751ca3617e
                                                                                                                                                                                                                      • Instruction ID: 8b65933da235c495e46643d5459179e2348c54d7e0a52c551ba1cc7539f379d8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d304f5563a97701548db3dfe9b26dbf5cd5e5ff3eb041c5f35f6c751ca3617e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D321D762B1EE5193E740AB29E4402E97BA4EF447C8F942035EB4C877A1DF3DD5528F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FF8A1642D97), ref: 00007FF8A16451CE
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FF8A1642D97), ref: 00007FF8A16451E6
                                                                                                                                                                                                                      • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FF8A1642D97), ref: 00007FF8A16451F7
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FF8A1642D97), ref: 00007FF8A1645210
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FF8A1642D97), ref: 00007FF8A1645228
                                                                                                                                                                                                                      • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FF8A1642D97), ref: 00007FF8A1645239
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$can_renegotiate
                                                                                                                                                                                                                      • API String ID: 1552677711-3796731956
                                                                                                                                                                                                                      • Opcode ID: ffee28e96335aa704968abb80b6c1ed724ff21ba08e802f7bdb6329489e06ba8
                                                                                                                                                                                                                      • Instruction ID: 165c24e19ee2306f0c9150cbbbdd917ea211877e10b5b64cf3d8e365331e9b6a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffee28e96335aa704968abb80b6c1ed724ff21ba08e802f7bdb6329489e06ba8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 061165A5F1BD4663F784EB24C8927EA2A90EB517C1FD06032E60CC26D2CF2CE5858E01
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_check_private_key
                                                                                                                                                                                                                      • API String ID: 1552677711-2096838628
                                                                                                                                                                                                                      • Opcode ID: 47520c5f97b16008fda1cc4b12aafc570e90f933446927589590d1bf795c4cd6
                                                                                                                                                                                                                      • Instruction ID: fac558a249271845a6a29d4a4c639b7ddacc8a0b27b220922397584c0fa66392
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47520c5f97b16008fda1cc4b12aafc570e90f933446927589590d1bf795c4cd6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD01A165F1BE4272FB84EB60C4616B82651EF443C1FA0A035D50C827D1DF2DE5459A01
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: P_resp_countT_free$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_newR_set_debugR_set_errord2i_
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2730705051-0
                                                                                                                                                                                                                      • Opcode ID: 0e7fa4a51d6b1f64f47392326b463c9cfd1bb6ecd7d7e87c3f01f1a2ef2afe8b
                                                                                                                                                                                                                      • Instruction ID: f90fdb2a8207ac372aebfedee06bbbbb49f59ac2d071cef4a8ca4830ff604073
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e7fa4a51d6b1f64f47392326b463c9cfd1bb6ecd7d7e87c3f01f1a2ef2afe8b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C21E211B0FF5252EB91AA5666917791E80EF89BD0F052438EE4DCFB82EF6CD4028B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$L_sk_num
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions.c$tls_construct_certificate_authorities
                                                                                                                                                                                                                      • API String ID: 2899912155-903051733
                                                                                                                                                                                                                      • Opcode ID: 5998049c72fe6a6bd47f093c1dc36a51f54e6cd18cc9bd3a640a5744e4a8af92
                                                                                                                                                                                                                      • Instruction ID: 8953ce16b21b97174ca2350aaa853a4f5ae2de1da60c3ee08d9107ec5d96f432
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5998049c72fe6a6bd47f093c1dc36a51f54e6cd18cc9bd3a640a5744e4a8af92
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8318421F1EA9262F794E722F9156B95A54EF847C4F882031EE4DD7B86DE2CE9418F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugX509i2d_
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$ssl_add_cert_to_wpacket
                                                                                                                                                                                                                      • API String ID: 3356145284-2373850725
                                                                                                                                                                                                                      • Opcode ID: 815fbc690875dea7aa019c576df1c6b0cea7faffa18d282b57adab0503314cbf
                                                                                                                                                                                                                      • Instruction ID: 602b8d890f8011279d20b414898a02fdf0e181c8c7d84200bc48d0c38832aa89
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 815fbc690875dea7aa019c576df1c6b0cea7faffa18d282b57adab0503314cbf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D319361F0EF42A6F750EB12E8506A97A50EB94BC0F44A172ED4CC7B95DF2CE6418B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_maxfragmentlen
                                                                                                                                                                                                                      • API String ID: 476316267-2768509386
                                                                                                                                                                                                                      • Opcode ID: 28725d5e94fd283e151c7962287556e812c99b14461513982d334866cd3e7e46
                                                                                                                                                                                                                      • Instruction ID: 8d4d112e0d4588780579b205f51623a5eb0463cd857ff429a391a78712bd2e0d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28725d5e94fd283e151c7962287556e812c99b14461513982d334866cd3e7e46
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55216FA2F0AE86A6F791AB61E9417F83B50EB417C0F586431C90C877D2DF2C95D18B01
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$p$ssl_check_srp_ext_ClientHello
                                                                                                                                                                                                                      • API String ID: 193678381-2953162070
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_maxfragmentlen
                                                                                                                                                                                                                      • API String ID: 476316267-2494698823
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_numR_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_ssl_version
                                                                                                                                                                                                                      • API String ID: 2983925012-1434314342
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_errorY_freeY_get_security_bits
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_set0_tmp_dh_pkey
                                                                                                                                                                                                                      • API String ID: 2486296959-3900076315
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: J_nid2sn$D_get_sizeP_get_cipherbynameP_get_digestbynameR_get_block_sizeR_get_iv_lengthR_get_mode
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1749907837-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_clear_flagsO_get_dataO_set_flagsO_set_retry_reason
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3836630899-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_free$O_new$O_s_connect
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3895418919-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                      • String ID: a unicode character$argument$category
                                                                                                                                                                                                                      • API String ID: 1318908108-2068800536
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_ctrl$R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\d1_lib.c$dtls1_check_timeout_num
                                                                                                                                                                                                                      • API String ID: 1786956097-2777391390
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                      • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                      • API String ID: 1318908108-2110215792
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1651250: ERR_new.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A1651315
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1651250: ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FF8A16527C0), ref: 00007FF8A1651333
                                                                                                                                                                                                                      • OPENSSL_cleanse.LIBCRYPTO-3 ref: 00007FF8A1652A06
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_cleanseR_newR_set_debug
                                                                                                                                                                                                                      • String ID: $ $0$extended master secret$master secret
                                                                                                                                                                                                                      • API String ID: 4043487175-741269486
                                                                                                                                                                                                                      • Opcode ID: c65b08be177fd7869ca45c074d80b9fa8f3cbf3986bc84b7f06dd16b9f883214
                                                                                                                                                                                                                      • Instruction ID: ba75551eb1479d5e59994112c253f79a523094f9c3390f43d3c691f0b71d8f33
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c65b08be177fd7869ca45c074d80b9fa8f3cbf3986bc84b7f06dd16b9f883214
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF414B72609F8195E760CB15F84039ABBA8FB887D4F54A135EA8C82B69DF7CD155CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_read_transition
                                                                                                                                                                                                                      • API String ID: 3946675294-211585089
                                                                                                                                                                                                                      • Opcode ID: 1ec53698299ae21b2aeb9b7de68607946c7bd6d4356d386d45f1560bd026f1ef
                                                                                                                                                                                                                      • Instruction ID: 61ab166e082f73353e0ccfc7a4ec1dcad42e06ba16eef4b40a2f35f013c6f95a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ec53698299ae21b2aeb9b7de68607946c7bd6d4356d386d45f1560bd026f1ef
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B31E572F1EE429AE740EB65E4807B83B92EB48BC4F586431DA0DC7795DE2CD4818B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$dtls_construct_hello_verify_request
                                                                                                                                                                                                                      • API String ID: 193678381-1802759638
                                                                                                                                                                                                                      • Opcode ID: 78cc98d2894ef5ce3a8817a6f09c5d30bf348727c80a09a26c88ce6016d1cf8f
                                                                                                                                                                                                                      • Instruction ID: b3c2b0d5b697174cf09eccbad5b199a1efadce2a16dc44c86b11e9b62e562157
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 78cc98d2894ef5ce3a8817a6f09c5d30bf348727c80a09a26c88ce6016d1cf8f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A31B861B1DE42A6E7909F61E800AF92B64EF44BC4F446035EE4DC7B96CF2CE541CB04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_status_request
                                                                                                                                                                                                                      • API String ID: 193678381-3840607856
                                                                                                                                                                                                                      • Opcode ID: ac00752724161e33015f6d77a20da0b4db975d62e8140552cb6479a87fff65dc
                                                                                                                                                                                                                      • Instruction ID: 41ed0f658b36dad77a907471cd8b2b11ac894b4c3712b4e333d4c9894ea8c088
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac00752724161e33015f6d77a20da0b4db975d62e8140552cb6479a87fff65dc
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1621B0A2F0BD42A6FBA59B11D8447B82A61EF807D4F54B031D90CC6AD5DE2DA9C1CE00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_read_transition
                                                                                                                                                                                                                      • API String ID: 3946675294-396436010
                                                                                                                                                                                                                      • Opcode ID: ce5875e714f401d45aabb13b4a038fb6e75593f7ccf09a852d2f7a26a14c42bd
                                                                                                                                                                                                                      • Instruction ID: 0aa22549777c39d620f06d28c59974dcd873dea1aeac8c503845558aac8de19a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce5875e714f401d45aabb13b4a038fb6e75593f7ccf09a852d2f7a26a14c42bd
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A217F62E0AE82A7F7E49B20D4557B82B91EB447C4F546436D90CC3782CF6DD985CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_initial_server_flight
                                                                                                                                                                                                                      • API String ID: 193678381-3302312727
                                                                                                                                                                                                                      • Opcode ID: e178fc634d7bef24930e7a78444d9cca761df507a521c119d82d6d9cd1cd4460
                                                                                                                                                                                                                      • Instruction ID: 959d13fdac286d1a1207166c400dd2e0f31c757ae40b82011ed5a1a544535783
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e178fc634d7bef24930e7a78444d9cca761df507a521c119d82d6d9cd1cd4460
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B219FA2F1EE43A2FB95AB66D8457F82A50EF457C0F887131DD0CC62D1EE2CE5818B10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_indentO_printf
                                                                                                                                                                                                                      • String ID: %s=0x%x (%s)$UNKNOWN$cookie$server_version
                                                                                                                                                                                                                      • API String ID: 1860387303-3219550004
                                                                                                                                                                                                                      • Opcode ID: 64ca8e15f2fd70a2bc7e9583ff755a23efd2fa34a0515b12eecb7d8ed4e3806f
                                                                                                                                                                                                                      • Instruction ID: 5e7278f0e897d0fba32f8e728bcf75d793a246215aee81eef2fe1d28d09371f1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64ca8e15f2fd70a2bc7e9583ff755a23efd2fa34a0515b12eecb7d8ed4e3806f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F218022B1EF91A6E7109B51E4410AABBA6FB457D0F846532EE8C93B56DF3CD501CF40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_errorX_set0_default$conf_ssl_get_cmdconf_ssl_name_find
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_mcnf.c$ssl_do_config
                                                                                                                                                                                                                      • API String ID: 4067701900-1861514004
                                                                                                                                                                                                                      • Opcode ID: eb7f5ce3cd819bc976cc8b5103d6e9ef9d2776f7d1b349020b5935d7bf73c850
                                                                                                                                                                                                                      • Instruction ID: 77d7f353008c293507a07d1509c4b5aaece7a856ae26cff3933f914f608cb9e7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb7f5ce3cd819bc976cc8b5103d6e9ef9d2776f7d1b349020b5935d7bf73c850
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C11E953F0F90672FB94AA917951EF92941DF547C0F00A034EE0D86B81DF2CA94A8A40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions.c$final_ems
                                                                                                                                                                                                                      • API String ID: 193678381-1856277603
                                                                                                                                                                                                                      • Opcode ID: 74cd9f2f4c270fd128d8f0ece4d51b6b8c91b73a2897de218e33f7e1510a601f
                                                                                                                                                                                                                      • Instruction ID: f817e23b961d6d2ebe1d278ec664295576b466c5e6ce12851de633aa7a37ef39
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74cd9f2f4c270fd128d8f0ece4d51b6b8c91b73a2897de218e33f7e1510a601f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A411D0B2F0A946A7FB88DB66D4497F43B14EB84385F406031D10D826A1DF3CA9C6CE40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _PyArg_CheckPositional.PYTHON312 ref: 00007FF8A15035F7
                                                                                                                                                                                                                      • _PyArg_BadArgument.PYTHON312 ref: 00007FF8A150362A
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A15011B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FF8A15011E2
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A15011B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FF8A15011FA
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A15011B0: PyType_IsSubtype.PYTHON312 ref: 00007FF8A150121D
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                                      • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                      • API String ID: 4101545800-1320425463
                                                                                                                                                                                                                      • Opcode ID: 07a1cc11aa269b8557c5ec55fc2ce84b41e626c691c270569d03d6bf9da22264
                                                                                                                                                                                                                      • Instruction ID: 08c1401a61b6cf7afb78f58158868a9f80d116a9095f250352cf5a6928557d50
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07a1cc11aa269b8557c5ec55fc2ce84b41e626c691c270569d03d6bf9da22264
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D115261B09E82E9EB948B91EC916B52B60EF04FC4F588032D90D47774DF2CD588DF40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                      • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                      • API String ID: 3876575403-184702317
                                                                                                                                                                                                                      • Opcode ID: 8e02dd3c8192d218ded56ac237b87c5b72be01f0a3d895f581c87c065e396155
                                                                                                                                                                                                                      • Instruction ID: e7186f772158b235f8afa6481455cafd343a72cdab74a0cb6399a3a22cac7421
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e02dd3c8192d218ded56ac237b87c5b72be01f0a3d895f581c87c065e396155
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA015B65B09E86E9EB508B82E8817B52B60EF49FC4F84D035D90D4B264DF2CE48ACB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_early_data
                                                                                                                                                                                                                      • API String ID: 193678381-408386505
                                                                                                                                                                                                                      • Opcode ID: 834e06002fd48ab0d836dcc656642cb03cadb7f568b0afd511e59dad598126ac
                                                                                                                                                                                                                      • Instruction ID: acb41f68c049ede8f28f6a9561dfce89179f31d75263a275643ff439dc50dc96
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 834e06002fd48ab0d836dcc656642cb03cadb7f568b0afd511e59dad598126ac
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 840169A1F0FD42B2F790AB61D9557F82B54EF443C0F946031D50CC2AD2DF2CAA928E40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_errorY_get0_group
                                                                                                                                                                                                                      • String ID: ..\s\ssl\tls_depr.c$ssl_set_tmp_ecdh_groups
                                                                                                                                                                                                                      • API String ID: 2690379533-3926364423
                                                                                                                                                                                                                      • Opcode ID: df95b728398b55c98ca16a0fef17c6ec49dd0035dafadada56721befd5ffa3b8
                                                                                                                                                                                                                      • Instruction ID: fbe83ff4d87c0afc45c28df6f0fe310e5bd7a091f8eb4609624cd286865a6937
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df95b728398b55c98ca16a0fef17c6ec49dd0035dafadada56721befd5ffa3b8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3FF090A2A1FD42B7E7949B10D8516B83621EF483C0F942031D50D82292EF2CA5818E00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_set1_id
                                                                                                                                                                                                                      • API String ID: 1331007688-2576049543
                                                                                                                                                                                                                      • Opcode ID: 762f2e1e1e19e6e1fb59f1e05661a34aa17481e2689df007173984e0b618aad8
                                                                                                                                                                                                                      • Instruction ID: 15b007543c966a23a1d5886b213a17c25998f6fc7215f8d71d9f534bc05eb007
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 762f2e1e1e19e6e1fb59f1e05661a34aa17481e2689df007173984e0b618aad8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5BF05E99F2FD5262F7E0B764D9567B82A40EF913C1FD02430E00D81AD2DF1C65458E05
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      • Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_session_id_context
                                                                                                                                                                                                                      • API String ID: 1331007688-1727046036
                                                                                                                                                                                                                      • Opcode ID: b1c14b8c64b35984cd87034e97bade98661a2b42f6b0f47547db519cc0084365
                                                                                                                                                                                                                      • Instruction ID: c2b4a42e03e29d21b2ab5783f613525ac46720164e07bd975b640514e6d88854
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1c14b8c64b35984cd87034e97bade98661a2b42f6b0f47547db519cc0084365
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59F08CA5F2FC1673F3A0B7649852BE82950EF483C1FE02030E10C82AD2CE2DA6858E51
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: X509_get0_pubkeyY_get_security_bits$X509_get_extension_flagsX509_get_signature_info
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3836818763-0
                                                                                                                                                                                                                      • Opcode ID: 881e7ae5a45f0a571fb5a722c38be3c32f9cab0c888addf428be226d2df2081b
                                                                                                                                                                                                                      • Instruction ID: 3c050045ec42a4d8bc7e2cc599419a8eebabec1d082da8888bf32c9e2e70e646
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 881e7ae5a45f0a571fb5a722c38be3c32f9cab0c888addf428be226d2df2081b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17417221B0EA8266EBA4AA51A405BBA5A41EF947D4F14B434ED4DC7B82DF3DE4008F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_next$O_free_all$O_up_ref
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1216991848-0
                                                                                                                                                                                                                      • Opcode ID: 0aa353734cd2757dcafc435e18f9e496c362ffaffce6a2e2fac3e9d2a8b7e651
                                                                                                                                                                                                                      • Instruction ID: 4a7735642e2b18599ced3c1a7b55999fd6587c13077e248b29b36dfa168fd453
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0aa353734cd2757dcafc435e18f9e496c362ffaffce6a2e2fac3e9d2a8b7e651
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB217112B2BE72A2EF94AF15E2900785A50FF44FC4F142431DA5D87B99CF28E8518B44
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: X_free
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2268491255-0
                                                                                                                                                                                                                      • Opcode ID: 9ebb44a18d46cd6d82ab736cafde8de4ff649955874f619762421e4823475d1b
                                                                                                                                                                                                                      • Instruction ID: 14d55d070c1d5b4392d2412283f743b01de27a1d67f456b92eee97caf9a5b077
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ebb44a18d46cd6d82ab736cafde8de4ff649955874f619762421e4823475d1b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C901522260AE85D1D784AFA1D5903A877E4FF90FC4F48D136DE8D8B69ACF38C4518B50
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$tls12_copy_sigalgs
                                                                                                                                                                                                                      • API String ID: 1552677711-2872464142
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • BIO_indent.LIBCRYPTO-3(FFFFFFFE,00000000,0000004D,00007FF8A165E5C1,?,?,?,?,?,?,?,00007FF8A165D7CC), ref: 00007FF8A165E752
                                                                                                                                                                                                                      • BIO_printf.LIBCRYPTO-3(FFFFFFFE,00000000,0000004D,00007FF8A165E5C1,?,?,?,?,?,?,?,00007FF8A165D7CC), ref: 00007FF8A165E78B
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_indentO_printf
                                                                                                                                                                                                                      • String ID: Signature$Signature Algorithm: %s (0x%04x)$UNKNOWN
                                                                                                                                                                                                                      • API String ID: 1860387303-3399393549
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_early_data
                                                                                                                                                                                                                      • API String ID: 476316267-1965843967
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$R_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_supported_versions
                                                                                                                                                                                                                      • API String ID: 476316267-1917491940
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_strcasecmp
                                                                                                                                                                                                                      • String ID: +automatic$auto$automatic
                                                                                                                                                                                                                      • API String ID: 4194642261-1892669398
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_use_psk_identity_hint
                                                                                                                                                                                                                      • API String ID: 0-601318550
                                                                                                                                                                                                                      • Opcode ID: 1c4556e0e13f3716f26c724bd533d4c617e47cf1c51653100ecb8e55b89ba441
                                                                                                                                                                                                                      • Instruction ID: 03df388465ff71acdc21767db480760dde0b956833a17a3cdc8eb53b0dabbd7c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c4556e0e13f3716f26c724bd533d4c617e47cf1c51653100ecb8e55b89ba441
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A11C4B2F1ED42B6F7959B7588643F82AA1EF057C0F542431D60DCA6D2DF1CA5828F40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                                      • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                      • API String ID: 1522575347-3913127203
                                                                                                                                                                                                                      • Opcode ID: b9fb2c3b60547988697a9b2da13645cf469a9d9b032dcf46fa4a5736140a793b
                                                                                                                                                                                                                      • Instruction ID: 1be71a1feb6c4f96d5901350b7e0b4e9ea9c127af033a106ce258e78b915445f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9fb2c3b60547988697a9b2da13645cf469a9d9b032dcf46fa4a5736140a793b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B521D465E0AE82EAE7588B91DC501782FA1EB49FC4F44C031DA4D47760DF2CD8968F40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                      • String ID: not a numeric character
                                                                                                                                                                                                                      • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                      • Opcode ID: d2e688de83624ccc056ddaee3ef8598c876a33558cf59e13c660496c3fe4edaa
                                                                                                                                                                                                                      • Instruction ID: 185df7f8e3733d3fdc33b0e71c0b340c0507c5b636d3c6955c6264541c75205b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2e688de83624ccc056ddaee3ef8598c876a33558cf59e13c660496c3fe4edaa
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90216D25E2ED42E9EB558BA6E8151386BE0FF54FC4F188431DA4E47674EF2CE8918F40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_indentO_printf
                                                                                                                                                                                                                      • String ID: %s=0x%x (%s)$cookie$server_version
                                                                                                                                                                                                                      • API String ID: 1860387303-2821402668
                                                                                                                                                                                                                      • Opcode ID: cdcd296945ee0c6af791d258c8f2ca5dcabc6c3aa595190e87285eab1cdc08fc
                                                                                                                                                                                                                      • Instruction ID: 83c2bddcb0b1d9b33dc30885fde427fad7ed9801e63cfb6548280ec707bc998e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cdcd296945ee0c6af791d258c8f2ca5dcabc6c3aa595190e87285eab1cdc08fc
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B11E0A2B1EE9261EB109B14E4100B97A52FB807F4F447232D9AD976E1DF3CE583CB14
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                      • String ID: not a decimal
                                                                                                                                                                                                                      • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                      • Opcode ID: 0e5005b2c5d1edb5be57623f99fda4d7f8d670306b4d9129cc6de48c321b5f26
                                                                                                                                                                                                                      • Instruction ID: 9f28544bc32f98b768027518ed3fa977586ff622cea91eb8eafb924b9fe47eaa
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e5005b2c5d1edb5be57623f99fda4d7f8d670306b4d9129cc6de48c321b5f26
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB111621A1AD43EAFB558B95E85427D6BA1EF44FC4F446430DA4E47674DF2CE8818B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_set_ct_validation_callback
                                                                                                                                                                                                                      • API String ID: 1552677711-4238296029
                                                                                                                                                                                                                      • Opcode ID: 8462e2679c906cc9e36448615c1024ad7288fc3c80b789c1f52a7dda222a32f6
                                                                                                                                                                                                                      • Instruction ID: 642158e678b10a1c00461e4c2a09b4a2e408192d78060f7882f1fdacac590b8b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8462e2679c906cc9e36448615c1024ad7288fc3c80b789c1f52a7dda222a32f6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE11C436B29E82A2E780DF12E9406A97B60FF84BC4F586031EA4D87B95DF2CD441CB04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_ctrlR_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\d1_lib.c$dtls1_check_timeout_num
                                                                                                                                                                                                                      • API String ID: 2442628283-2777391390
                                                                                                                                                                                                                      • Opcode ID: 6f4fd494acee96ba14a5cb940081173fe68ee50fb27bd50b74c5281466100996
                                                                                                                                                                                                                      • Instruction ID: 2484b2ded3fc903ebf9da15e667e9cf257ee5ad44729b0a9ff5c785645e35c26
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f4fd494acee96ba14a5cb940081173fe68ee50fb27bd50b74c5281466100996
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E611E3B3F0AE8292EBC0AB55D851BFC2A61DB88BC1F442035DA0D877D1CF2C9580CB10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                      • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                      • API String ID: 3876575403-4190364640
                                                                                                                                                                                                                      • Opcode ID: e85da5aab55aa895370cdbac7bb62f5bbf83f0204084b8eb12daa98e9aef23c6
                                                                                                                                                                                                                      • Instruction ID: 7ec4aae12b83589e67eb0ea6c4dee9d9ab7bf20e1b7398c3a9bd46cb02828cdb
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e85da5aab55aa895370cdbac7bb62f5bbf83f0204084b8eb12daa98e9aef23c6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79116D32A09E82E9EB50DF92E8411AA7B61EB48FC4F588032DE0D47725CF7CE585CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                      • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                      • API String ID: 3876575403-2474051849
                                                                                                                                                                                                                      • Opcode ID: f77bc812c369ff4fbb832cb5bd84e8733bf0c09b38b532f09ccb66cacfd6a63c
                                                                                                                                                                                                                      • Instruction ID: 04b9ed81c9a3b6da98214664ad4072c1e094a886a62c81d614577e9f69d05cd1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f77bc812c369ff4fbb832cb5bd84e8733bf0c09b38b532f09ccb66cacfd6a63c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C113D31B0AE42EAEB50DF92E8401A96B60EB44FC4F589432DA5D47765CF3CE595CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                      • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                      • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                      • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                      • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_write
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
• Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$SSL_CTX_set_tlsext_max_fragment_length
                                                                                                                                                                                                                      • API String ID: 1552677711-1180925554
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_PrivateKey
                                                                                                                                                                                                                      • API String ID: 1552677711-4052895991
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$SSL_set_tlsext_max_fragment_length
                                                                                                                                                                                                                      • API String ID: 1552677711-2316233728
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_PrivateKey
                                                                                                                                                                                                                      • API String ID: 1552677711-3350344708
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                      • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
• Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
• Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$ssl_bad_method
                                                                                                                                                                                                                      • API String ID: 1552677711-705084354
                                                                                                                                                                                                                      • Opcode ID: 73d4bc4dc57e58b248f5c350303ee93a52738317f6d741eab761d3b454a404c3
                                                                                                                                                                                                                      • Instruction ID: fc02f7c18fd72f332efdeebce3492031ac45fb873df378313f20704c11c0a11f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73d4bc4dc57e58b248f5c350303ee93a52738317f6d741eab761d3b454a404c3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FCE04F55F1EC0273E380A72098529A91640EB503C1FD02035E00DC1AD2DE1CA5098E40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2231116090-0
                                                                                                                                                                                                                      • Opcode ID: c8648ec94961e88461cf8be3766db2eb0bcccafd92a83c5879bb30beefd59833
                                                                                                                                                                                                                      • Instruction ID: c899da306370e2690e82412b99d8228e4e144f23f625eacdf3af15f6e12a9707
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8648ec94961e88461cf8be3766db2eb0bcccafd92a83c5879bb30beefd59833
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9F08111F0BE4252FF85AB6AB1153794594DF49BC0F086034E91CC779AFE2CD8504A00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_srp
                                                                                                                                                                                                                      • API String ID: 0-2342567248
                                                                                                                                                                                                                      • Opcode ID: 04ae37fe526f8988199cd749ce5ae6a507ea1990f9e2e9586ec364012d1aa6aa
                                                                                                                                                                                                                      • Instruction ID: e52f243a30795cd18edf191d04b906e9ca0096489fd52d8e589b8aa8d92478f5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04ae37fe526f8988199cd749ce5ae6a507ea1990f9e2e9586ec364012d1aa6aa
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93216291F1E947A1FB94AA26AA417B91A51EF50BC0F583030DD4DCEFC6DE2DE8818B44
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_indentO_printf
                                                                                                                                                                                                                      • String ID: %s (%d)$UNKNOWN
                                                                                                                                                                                                                      • API String ID: 1860387303-2251275378
                                                                                                                                                                                                                      • Opcode ID: a6b6a6df7af930050c1c9ecaa713cb2278706dcd97de78112f4413c0d46a13d3
                                                                                                                                                                                                                      • Instruction ID: e36f3a333b055ce0b95194181ac7b61ff2ab81ed1c8bfe29923d9ac6ae0b1e54
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6b6a6df7af930050c1c9ecaa713cb2278706dcd97de78112f4413c0d46a13d3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E221C823B09F9156E7519B56790057AAF92FB45BE0F586031DE4C83B44DE3CD442CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_renegotiate
                                                                                                                                                                                                                      • API String ID: 0-2728901138
                                                                                                                                                                                                                      • Opcode ID: cf738bbd052664f1972163c08f32e3213573d88c1c7d60971618b95c7380825e
                                                                                                                                                                                                                      • Instruction ID: f2d4363f2c5c4510fa19516ada6a0d841e4151916f1f2ac44b7a9fb5fd634212
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf738bbd052664f1972163c08f32e3213573d88c1c7d60971618b95c7380825e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39215391F1EA4362FB94A622A5017B91AD2EF807D4F483030DE0DC7FC6DE2DE5518B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_cryptopro_bug
                                                                                                                                                                                                                      • API String ID: 193678381-16985021
                                                                                                                                                                                                                      • Opcode ID: c034db7449d89fd5d5bf5b92379138d4e80573787f9318c5935796d7d4db6bb0
                                                                                                                                                                                                                      • Instruction ID: d63a42caa36bb0d2a639697645f8dd0c5cebf229ea3f3e6dfa45e850d0589eb0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c034db7449d89fd5d5bf5b92379138d4e80573787f9318c5935796d7d4db6bb0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1121D9B2F1DA41AAF7009F65D9502BE3A64EB847C8F442435EA0C8BB95CF7CE5408F40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_psk
                                                                                                                                                                                                                      • API String ID: 0-812599056
                                                                                                                                                                                                                      • Opcode ID: 62299609a353e2b5ef35ccc3493c89706b4d7e1fca1eb8cff1bff2aecc987eee
                                                                                                                                                                                                                      • Instruction ID: 206035f3466bc0c6d015a7ef8e43ab875f27e4a64c05d1bd620cde78c0b7f254
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62299609a353e2b5ef35ccc3493c89706b4d7e1fca1eb8cff1bff2aecc987eee
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37116651F1E902A6FB94A712E9457B92695EF84BD0F842031DD1DC7AC7DE2CE551CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_npn
                                                                                                                                                                                                                      • API String ID: 193678381-1466421906
                                                                                                                                                                                                                      • Opcode ID: fcd66b2461b37fdac20c8b9162487325bbce37f2a03b2fe78e7e2a1d63c30f13
                                                                                                                                                                                                                      • Instruction ID: 90c501bef558b96ea034ae9ae3abdfe675b6faa4ac0cc735e8fbd764d7b5ca02
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fcd66b2461b37fdac20c8b9162487325bbce37f2a03b2fe78e7e2a1d63c30f13
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF118252F1A942A2F7A49715E5497B96B94EF447C0F486134E90CC6AD6DF2CD981CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_session_ticket
                                                                                                                                                                                                                      • API String ID: 193678381-585220546
                                                                                                                                                                                                                      • Opcode ID: 5be89e8aaf8129b670227eb625ba5779dff115930d81e0411de6ac60e2f24ee7
                                                                                                                                                                                                                      • Instruction ID: 2f62b7a618b2a9eed0f04ca3d0062011f8ca1fb6b11d66906dfd4b2e8eceaa4f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5be89e8aaf8129b670227eb625ba5779dff115930d81e0411de6ac60e2f24ee7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05117362F1E94266F7A0D716F5057B926A1EF847D0F482430E90DC7AD6DF2DD991CE00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_post_handshake_auth
                                                                                                                                                                                                                      • API String ID: 0-3064004597
                                                                                                                                                                                                                      • Opcode ID: 6e9fc81e248d1771050c30741215e2248c5a071cbf6f7e1d9687760a2ce7ddcf
                                                                                                                                                                                                                      • Instruction ID: d1d32c0e436bf2c9bc51df8c7f52477158486887a74150944b297c63e508098b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e9fc81e248d1771050c30741215e2248c5a071cbf6f7e1d9687760a2ce7ddcf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E911A761F1E84262F7A0A715E6457B92654EF447C4F482034ED4CCAEC6EE6DD9818F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_pre_work
                                                                                                                                                                                                                      • API String ID: 193678381-502776430
                                                                                                                                                                                                                      • Opcode ID: 6c79c052248e2a93e43b90475c497f167f5134c3122179fc076f9c745b5c6cf0
                                                                                                                                                                                                                      • Instruction ID: a8dafb77599b31eb029c6df958215b1206e69a2c22ae53f32fc2bd1c24cdb1a8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c79c052248e2a93e43b90475c497f167f5134c3122179fc076f9c745b5c6cf0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42115162B07E8192EB90CF25D4947B82B90FB84FD8F485035CA0C8B391CF68D8D5CB50
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_sct
                                                                                                                                                                                                                      • API String ID: 193678381-3742653017
                                                                                                                                                                                                                      • Opcode ID: 6adf72154bb5548a042d2d6fd374382501a41f5abb360c904abe80a833c01703
                                                                                                                                                                                                                      • Instruction ID: e8e9df397ebbe3d340527b75c6051420e4463610c7a9942ddd8b64fb186b5eaa
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6adf72154bb5548a042d2d6fd374382501a41f5abb360c904abe80a833c01703
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4411A562F1A941A2FB94DB16F5457F96650EF847C0F886030EE1CC7AC6EE2CD9508E04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_ems
                                                                                                                                                                                                                      • API String ID: 0-3344448950
                                                                                                                                                                                                                      • Opcode ID: 558eb8a40d4f273b786a2913cd04aac3506eb01dbafc4cd81e815bba3646f587
                                                                                                                                                                                                                      • Instruction ID: 504723b33f092b2516a02b27c99b2be1de5b7ae7ca7fc0910e95805e175fd462
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 558eb8a40d4f273b786a2913cd04aac3506eb01dbafc4cd81e815bba3646f587
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1301E962F1E94162E790D716F5417E92644FF447C0F482030DA0CC7ED2EE1CD9818F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FF8A1501EDC), ref: 00007FF8A1503B25
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1501FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A1502008
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1501FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A1502026
                                                                                                                                                                                                                      • PyErr_Format.PYTHON312 ref: 00007FF8A1501F53
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
• Associated: 00000002.00000002.3332509922.00007FF8A1500000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3332575367.00007FF8A1505000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3332575367.00007FF8A1562000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3332575367.00007FF8A15AE000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3332575367.00007FF8A15B2000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3332575367.00007FF8A15B7000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3332575367.00007FF8A160F000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3332750127.00007FF8A1612000.00000004.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.3332785685.00007FF8A1614000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                      • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                      • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                      • Opcode ID: 81cdf5c522269c450aa7f3bb4e55beb56d14da40ad0aecd7685d8911cc0a1a5d
                                                                                                                                                                                                                      • Instruction ID: 79f1046fa8d20fcd53a295ea8c95974e1a663b21cac318d991e2c759eabaa7a3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81cdf5c522269c450aa7f3bb4e55beb56d14da40ad0aecd7685d8911cc0a1a5d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4611EF66E2AD47E9EB008B94DC842B46761FB98FC8F840431DA5D462B0DF6DD14ACF10
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_write_transition
                                                                                                                                                                                                                      • API String ID: 0-415349073
                                                                                                                                                                                                                      • Opcode ID: 783583c88b5d40a5837b3b4ff999e39e0250b09e7486e30795e8fe38eef28995
                                                                                                                                                                                                                      • Instruction ID: 8287dca3d7af68e06e17d8df65463933b6d4b05cad492623e75ca505ce4cc87e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 783583c88b5d40a5837b3b4ff999e39e0250b09e7486e30795e8fe38eef28995
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C801C022F0EE42A7E790DB20D895BB82B51EB847C4F986032D94CC3791CF6DE981CA40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1692F70: ERR_new.LIBCRYPTO-3(?,00007FF8A169299D,?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A1692FFE
                                                                                                                                                                                                                        • Part of subcall function 00007FF8A1692F70: ERR_set_debug.LIBCRYPTO-3(?,00007FF8A169299D,?,?,?,?,00000000,?,?,?,00007FF8A1696186), ref: 00007FF8A1693016
                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3 ref: 00007FF8A169266F
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3 ref: 00007FF8A1692687
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$construct_stateful_ticket
                                                                                                                                                                                                                      • API String ID: 193678381-2590191291
                                                                                                                                                                                                                      • Opcode ID: ca797f20881acc9e33f9f446db74b444f47e9f97bde600abd0a740248cbab19c
                                                                                                                                                                                                                      • Instruction ID: 0f73cda243d0a90b3a8be2dbcd1fbc2dcb024ba900411f67fb87ba401f2a5a82
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca797f20881acc9e33f9f446db74b444f47e9f97bde600abd0a740248cbab19c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB01B521F1EE43A3E7D4AB62E9416F82A55EF847C0F442031ED0CC7A86DE2CE5908B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_session_ticket
                                                                                                                                                                                                                      • API String ID: 193678381-517035293
                                                                                                                                                                                                                      • Opcode ID: 3a8c57f6a2762822a981a58b9d2e821ac97159adac92750c3833a1a15a525185
                                                                                                                                                                                                                      • Instruction ID: fd872ef15c090fd3c6c83aa454619caa139663b2c10303107de642928655c8a5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a8c57f6a2762822a981a58b9d2e821ac97159adac92750c3833a1a15a525185
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8BF06891F1BE43A2E790AF65D8557A82750DF457D0F442031D90CC7B91DF1CE5D28A01
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$tls_construct_key_update
                                                                                                                                                                                                                      • API String ID: 193678381-4067644432
                                                                                                                                                                                                                      • Opcode ID: 8db60c85965691e7f6c63b2c68791f8f38c483b493a0c8dbaf0a587cdf3cbeaa
                                                                                                                                                                                                                      • Instruction ID: 57a38de267cd32b9e6ca7e3d3fc0d9073a7a3553b55a3c6c5a85e116ba68d950
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8db60c85965691e7f6c63b2c68791f8f38c483b493a0c8dbaf0a587cdf3cbeaa
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCF06DA2F1B94262FBA0AB6598457E82A00DF447D5F446031DD0CC67C2EF2CA6818B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_post_process_message
                                                                                                                                                                                                                      • API String ID: 193678381-2213881910
                                                                                                                                                                                                                      • Opcode ID: 1aa18aebb8de171dd749d4a02ef9f40df96e5969515076d72d45fe417b46bd6c
                                                                                                                                                                                                                      • Instruction ID: 39b12223180b3f8145ace605a381614ae1c08b5ca144291e78160a18b4cb38c9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1aa18aebb8de171dd749d4a02ef9f40df96e5969515076d72d45fe417b46bd6c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99F0F092F1E942A2F3E496759851AB82A00CF483D0F543930E91CC22D1EE2CAA82CF60
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug$E_freeL_sk_newL_sk_pop_freeX509_
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions.c$tls_parse_certificate_authorities
                                                                                                                                                                                                                      • API String ID: 1675703442-3901154960
                                                                                                                                                                                                                      • Opcode ID: 0e196ba29a3cd6d1ebf676b44ba0fd75871f47d9335405379234f1c29e2b761d
                                                                                                                                                                                                                      • Instruction ID: 624c5add98a1ef13900089e16fe0093c09bfd0ca411a2994117f8925d9245511
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e196ba29a3cd6d1ebf676b44ba0fd75871f47d9335405379234f1c29e2b761d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3F06262F1EA42A6E7D4EB61F5557F92650EB847C4F446031FA0CC2AD6DE2CD980CE00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_process_message
                                                                                                                                                                                                                      • API String ID: 193678381-2684089212
                                                                                                                                                                                                                      • Opcode ID: fe81575291373b4b757203a7a3bf1471ad7e36ffb6def55288444c311a6f4b7d
                                                                                                                                                                                                                      • Instruction ID: 8f55aa5535e706418c03fe1ec3438dbafcbeb481ae7326bbbdc1a7517b799505
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe81575291373b4b757203a7a3bf1471ad7e36ffb6def55288444c311a6f4b7d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15F0F422F1ED41E7E3809B65E8419B87B10EB447C8F901432EA4DC26E6DF2CD602CF40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$tls_construct_change_cipher_spec
                                                                                                                                                                                                                      • API String ID: 193678381-1954653785
                                                                                                                                                                                                                      • Opcode ID: 67da6c88f9a5e0e8ea380c606c4c1c9e185533fa094ec222dce6f684db2fd5bc
                                                                                                                                                                                                                      • Instruction ID: b0c5ef4926c7319248597dd8beb5e6dcb1219d7fbc76cf0a49feacec01bbd2ac
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67da6c88f9a5e0e8ea380c606c4c1c9e185533fa094ec222dce6f684db2fd5bc
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0F08292F1E90273F7A4AB619C55BF81940DF9C3C0F847031D90CC67C2EE2CA6919B40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_ems
                                                                                                                                                                                                                      • API String ID: 193678381-2230499117
                                                                                                                                                                                                                      • Opcode ID: b2ab34396721f5f91c47442cae922e5ad8c9b103f6bec6afc967abf81ba9423b
                                                                                                                                                                                                                      • Instruction ID: b3fc4e305893de7d97d64b2bd5d223bfb34afcac4851d67975e4d7a60a55c204
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2ab34396721f5f91c47442cae922e5ad8c9b103f6bec6afc967abf81ba9423b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5F0B4A2F0FA8267F794EB60D5497E82B50DF403C4F542030D50CC2AD2DF2C69D68B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_d1.c$dtls1_write_bytes
                                                                                                                                                                                                                      • API String ID: 193678381-1372159586
                                                                                                                                                                                                                      • Opcode ID: 573739c45d0b34efe8a7218f09c80869c308562bdba204b991f29b976456f59d
                                                                                                                                                                                                                      • Instruction ID: cadcf730edb1958422d4a3fbcf689be7f1fcc44a1c916be9e6731a752950d867
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 573739c45d0b34efe8a7218f09c80869c308562bdba204b991f29b976456f59d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FAF090A2E1EA01A7E790AB60E8117A86A50EF883D4F442131EA5C867D2DF7CD691CE54
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_end_of_early_data
                                                                                                                                                                                                                      • API String ID: 193678381-3379596787
                                                                                                                                                                                                                      • Opcode ID: ac778d3db20db0e00db5178f5e06a860d616c48aa85e982aa143f6e1b40dac88
                                                                                                                                                                                                                      • Instruction ID: 074f99fe7831247b8f50c778e759ce7a6a2800365398e3acea28ded763a3b27c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac778d3db20db0e00db5178f5e06a860d616c48aa85e982aa143f6e1b40dac88
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94E08672B1D942A3E784EF15E4014E57711EFD03C0F842032D50C835929EA8E581DF00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: strncmp
                                                                                                                                                                                                                      • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                      • API String ID: 1114863663-87138338
                                                                                                                                                                                                                      • Opcode ID: a66cb3411865ffe2f74c3a94b8d9dde97e64c6f77a36f698b617df0dc8e11b4a
                                                                                                                                                                                                                      • Instruction ID: 77795cc86d3d3e0999ba39a1166109916bac522bf820caec2375d3335ee99b8e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a66cb3411865ffe2f74c3a94b8d9dde97e64c6f77a36f698b617df0dc8e11b4a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D561E472B19A42DEE7608A55EC006BA7A66FF80FD0F444235EA5D47AE9DF7CE5018F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                                      • Opcode ID: e3a4361b3e6cd731c0da18b35f80d01f3983e47e7677cddfa91ceafb80b259e4
                                                                                                                                                                                                                      • Instruction ID: 99212ec5a745b3c4ec4f9aa7d05dfcdbd7ffb6e3810c75da36178fff2a3906ce
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3a4361b3e6cd731c0da18b35f80d01f3983e47e7677cddfa91ceafb80b259e4
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC111C26B15F019AEB00CFA0E8542A837B4FB19B98F441A35DA6D877A4DF7CD154C780
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: X509_$E_add_lookupP_storeR_pop_to_markR_set_mark
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3476065580-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
• Associated: 00000002.00000002.3332801220.00007FF8A1620000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332816216.00007FF8A16A2000.00000020.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332878253.00007FF8A16A4000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332902700.00007FF8A16CC000.00000008.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332919537.00007FF8A16D0000.00000004.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D1000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16D7000.00000002.00000001.01000000.00000023.sdmp
• Associated: 00000002.00000002.3332935149.00007FF8A16DF000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: L_sk_dupL_sk_freeL_sk_set_cmp_funcL_sk_sort
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1312970346-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: J_nid2snR_fetchR_pop_to_markR_set_mark
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2772354928-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: X_free
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 2268491255-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_new$L_sk_new_nullL_sk_push
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1838660387-0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: M_construct_endM_construct_utf8_string
                                                                                                                                                                                                                      • String ID: digest
                                                                                                                                                                                                                      • API String ID: 377494685-219324594
                                                                                                                                                                                                                      • Opcode ID: 01a9116b67c6b6119c1c97890801ea9a3521fd7c57a20ee0a811ddba25c70a4b
                                                                                                                                                                                                                      • Instruction ID: 92c4654b0569dfaf35e10fb49cfa5a96598b9818b7a03d0cb90f1c3e2bac23c5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01a9116b67c6b6119c1c97890801ea9a3521fd7c57a20ee0a811ddba25c70a4b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B421A622A08F8991E3519F25E4013A9AB64FF95BC4F54A271EF8C93756EF38D181CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                      • String ID: no such name
                                                                                                                                                                                                                      • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                      • Opcode ID: 9b51b83c7748053a6e2030f3d3d9d6b95dadfe3233204a1ab0fe32fb14f5447a
                                                                                                                                                                                                                      • Instruction ID: ded721ee11d3e0486e52098096999930ac26cb2e6c6d961c18d3ef8bf6099146
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b51b83c7748053a6e2030f3d3d9d6b95dadfe3233204a1ab0fe32fb14f5447a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58012131A1AE42EAEB619B51EC553B52BA0FF9CFC5F400031DA4D86364DF2CE1048F00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                      • String ID: '
                                                                                                                                                                                                                      • API String ID: 3946675294-1997036262
                                                                                                                                                                                                                      • Opcode ID: b62216ac9af7fa7a938d27819fd2c62991d406f72beb77c406fed53e70659c17
                                                                                                                                                                                                                      • Instruction ID: bac7a31a4401daadd57b8b5615d5cf70d09bbb6634d185b711de9618a9d8dc8c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b62216ac9af7fa7a938d27819fd2c62991d406f72beb77c406fed53e70659c17
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6F09662F09A4197FB909F26E08037C2791E788BC4F185034DA0D8B7C6DF3CD4958B04
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: M_construct_endM_construct_octet_string
                                                                                                                                                                                                                      • String ID: ssl3-ms
                                                                                                                                                                                                                      • API String ID: 587842064-1523337083
                                                                                                                                                                                                                      • Opcode ID: cb33b28ca49b3cadc2153c9f007c01985f40eccbe4a8572e9a34308780648db4
                                                                                                                                                                                                                      • Instruction ID: 3eaaeb36cded3341636bdbd35c400936ba71cd5b8d250ccc81404f7d339363d8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb33b28ca49b3cadc2153c9f007c01985f40eccbe4a8572e9a34308780648db4
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3012C53C09F8992E311DF38C5011BC6770FBA9B88B55E321EA8C66117EF28E2D5CB00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,-00000031,?,00007FF8A167E9A4), ref: 00007FF8A167E4DB
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332816216.00007FF8A1621000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FF8A1620000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1620000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: R_set_debug
                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                                                                                                                                                                      • API String ID: 488089507-3323778802
                                                                                                                                                                                                                      • Opcode ID: 9423764038b2bb9f832e250bb11bcbdbae459363b9c79455dd2bad0b820450c2
                                                                                                                                                                                                                      • Instruction ID: 261dfc7b45a979d32540111e241d1a737562b1e778a7ce525c92f61dd700acc6
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9423764038b2bb9f832e250bb11bcbdbae459363b9c79455dd2bad0b820450c2
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05F03723B5D9466AF7929F20B8117EA6B51EB957E4F445032CF4C82592DE3C95878B00
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FF8A1502533), ref: 00007FF8A15025C6
                                                                                                                                                                                                                      • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FF8A1502533), ref: 00007FF8A15025F8
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000002.00000002.3332559145.00007FF8A1501000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FF8A1500000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_7ff8a1500000_SecuriteInfo.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: Object_$Track
                                                                                                                                                                                                                      • String ID: 3.2.0
                                                                                                                                                                                                                      • API String ID: 16854473-1786766648
                                                                                                                                                                                                                      • Opcode ID: f91d149df4c654f8be0df0ef2da4b36c9d06b56ee9d54162962ccaca08fa2000
                                                                                                                                                                                                                      • Instruction ID: 03658e85bccd45bc3c825ea3d325595174341a004b6218f468f67c79223b894b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f91d149df4c654f8be0df0ef2da4b36c9d06b56ee9d54162962ccaca08fa2000
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4E07565A2BF06F9EB159F91EC840A92BB8EF08F94B540535CD4D02370EF3CE5A8DA51
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%