Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Analysis ID:1464668
MD5:0fd93d95f5427314c472acf35a741bd8
SHA1:82c4a03fc289ff7231a55c781838a07cf2cb3afd
SHA256:cb8109d659672303e80f6666d566f8192f3134d3d67048e1a60ff3ace62c66f5
Tags:exe
Infos:

Detection

Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found pyInstaller with non standard icon
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe (PID: 7080 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe" MD5: 0FD93D95F5427314C472ACF35A741BD8)
    • conhost.exe (PID: 7104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe (PID: 6308 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe" MD5: 0FD93D95F5427314C472ACF35A741BD8)
      • cmd.exe (PID: 5668 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeReversingLabs: Detection: 23%
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeVirustotal: Detection: 32%Perma Link
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeJoe Sandbox ML: detected
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918921952.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000002.2913296703.00007FF719558000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2915252559.00007FF719558000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919028562.00007FFE13203000.00000002.00000001.01000000.0000000B.sdmp, _queue.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1u 30 May 2023built on: Wed May 31 23:27:41 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmp, _bz2.pyd.0.dr
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000002.2913296703.00007FF719558000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2915252559.00007FF719558000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679378043.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679378043.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\winsound.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918811061.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp, winsound.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2916823285.00007FFDFB87B000.00000002.00000001.01000000.00000005.sdmp, python311.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: _ssl.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source: unknownDNS traffic detected: query: 206.23.85.13.in-addr.arpa replaycode: Name error (3)
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE11ED5B24 memset,recvfrom,2_2_00007FFE11ED5B24
Source: global trafficDNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.co
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02E7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02E7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02E7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: unicodedata.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02E7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02E7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680955633.000002D4D02E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681701747.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1682443888.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: base_library.zip.0.drString found in binary or memory: http://www.robotstxt.org/norobots-rfc.txt
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2912729731.000001FCA0DAA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887512543.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1885600562.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913400340.000001FCA2CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884230978.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882818769.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884542658.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883536455.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886465786.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882489637.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883026732.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888223831.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/boppreh/keyboard
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/boppreh/keyboard#api)
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/boppreh/keyboard/archive/master.zip)
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/boppreh/keyboard/issues/20)
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/boppreh/keyboard/issues/21)
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/boppreh/keyboard/issues/22)
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/boppreh/mouse)
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2914051456.000001FCA3020000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-pillow/Pillow/
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913074696.000001FCA0E48000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882818769.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883536455.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882489637.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883026732.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888223831.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2912729731.000001FCA0DAA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887512543.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1885600562.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913400340.000001FCA2CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884230978.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882818769.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884542658.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883536455.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886465786.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882489637.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883026732.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888223831.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2912729731.000001FCA0DAA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887512543.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1885600562.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913400340.000001FCA2CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884230978.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882818769.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884542658.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883536455.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886465786.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882489637.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883026732.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888223831.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887833618.000001FCA2E39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: base_library.zip.0.drString found in binary or memory: https://mahler:8092/site-updates.py
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2914051456.000001FCA3020000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2914554106.000001FCA3754000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nitrogencfg.vercel.app/
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nitrogencfg.vercel.app/z
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2914135975.000001FCA3184000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2916823285.00007FFDFB87B000.00000002.00000001.01000000.00000005.sdmp, python311.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.python.org/pypi/keyboard/):
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: base_library.zip.0.drString found in binary or memory: https://www.python.org/
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1881910845.000001FCA2C94000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913074696.000001FCA0DC0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2917204452.00007FFDFB918000.00000004.00000001.01000000.00000005.sdmp, python311.dll.0.drString found in binary or memory: https://www.python.org/psf/license/

System Summary

barindex
PE file contains section with special chars
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE11ED10602_2_00007FFE11ED1060
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126D12B02_2_00007FFE126D12B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126D6EAC2_2_00007FFE126D6EAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126D1BB02_2_00007FFE126D1BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126D53A02_2_00007FFE126D53A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126DF81C2_2_00007FFE126DF81C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126D2FF02_2_00007FFE126D2FF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126D25302_2_00007FFE126D2530
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126D5CE02_2_00007FFE126D5CE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126D8D402_2_00007FFE126D8D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE13213E602_2_00007FFE13213E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE13212EB02_2_00007FFE13212EB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE13213BD02_2_00007FFE13213BD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE1321C7D82_2_00007FFE1321C7D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE132160C02_2_00007FFE132160C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE132110002_2_00007FFE13211000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE132332002_2_00007FFE13233200
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE133077782_2_00007FFE13307778
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE133096202_2_00007FFE13309620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE148E2ED02_2_00007FFE148E2ED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE148E39F02_2_00007FFE148E39F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE148E32E02_2_00007FFE148E32E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE148E3F502_2_00007FFE148E3F50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE148E1F502_2_00007FFE148E1F50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE148E27A02_2_00007FFE148E27A0
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: Number of sections : 12 > 10
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679836264.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679378043.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680554577.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewinsound.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918963738.00007FFE130C6000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918499548.00007FFDFBAB7000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918854151.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamewinsound.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919071014.00007FFE13206000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: Section: ZLIB complexity 1.000403845506658
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: Section: ZLIB complexity 0.998986369335005
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: Section: ZLIB complexity 1.0240700218818382
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: Section: ZLIB complexity 1.0578947368421052
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: Section: ZLIB complexity 1.0030103995621238
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: Section: .taggant ZLIB complexity 1.0013395031660983
Source: classification engineClassification label: mal84.evad.winEXE@6/21@1/0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7104:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeReversingLabs: Detection: 23%
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeVirustotal: Detection: 32%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe"Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeSection loaded: libffi-8.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeSection loaded: winmm.dllJump to behavior
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic file information: File size 13256130 > 1048576
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: Raw size of .boot is bigger than: 0x100000 < 0x41f800
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683662341.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918921952.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1683883517.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680138844.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000002.2913296703.00007FF719558000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2915252559.00007FF719558000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680351652.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919028562.00007FFE13203000.00000002.00000001.01000000.0000000B.sdmp, _queue.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1u 30 May 2023built on: Wed May 31 23:27:41 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679718633.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmp, _bz2.pyd.0.dr
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000002.2913296703.00007FF719558000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2915252559.00007FF719558000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679378043.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679378043.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680424612.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\winsound.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1684376260.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2918811061.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp, winsound.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2916823285.00007FFDFB87B000.00000002.00000001.01000000.00000005.sdmp, python311.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: _ssl.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name:
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name: .imports
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name: .themida
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name: .boot
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name: .taggant
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: python311.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9425B push ebx; iretd 2_3_000001FCA0C942E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9425B push ebx; iretd 2_3_000001FCA0C942E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90178 push cs; ret 2_3_000001FCA0C90181
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90178 push cs; ret 2_3_000001FCA0C90181
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90138 push edx; retn 0003h2_3_000001FCA0C90139
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90138 push edx; retn 0003h2_3_000001FCA0C90139
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9342C push cs; iretd 2_3_000001FCA0C93502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9342C push cs; iretd 2_3_000001FCA0C93502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9352E push cs; iretd 2_3_000001FCA0C93502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9352E push cs; iretd 2_3_000001FCA0C93502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C942D7 push ebx; iretd 2_3_000001FCA0C942E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C942D7 push ebx; iretd 2_3_000001FCA0C942E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C937E0 push ds; ret 2_3_000001FCA0C937E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C937E0 push ds; ret 2_3_000001FCA0C937E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90192 push esi; ret 2_3_000001FCA0C90199
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90192 push esi; ret 2_3_000001FCA0C90199
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9425B push ebx; iretd 2_3_000001FCA0C942E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9425B push ebx; iretd 2_3_000001FCA0C942E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90178 push cs; ret 2_3_000001FCA0C90181
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90178 push cs; ret 2_3_000001FCA0C90181
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90138 push edx; retn 0003h2_3_000001FCA0C90139
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90138 push edx; retn 0003h2_3_000001FCA0C90139
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9342C push cs; iretd 2_3_000001FCA0C93502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9342C push cs; iretd 2_3_000001FCA0C93502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9352E push cs; iretd 2_3_000001FCA0C93502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C9352E push cs; iretd 2_3_000001FCA0C93502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C942D7 push ebx; iretd 2_3_000001FCA0C942E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C942D7 push ebx; iretd 2_3_000001FCA0C942E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C937E0 push ds; ret 2_3_000001FCA0C937E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C937E0 push ds; ret 2_3_000001FCA0C937E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_3_000001FCA0C90192 push esi; ret 2_3_000001FCA0C90199
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name: entropy: 7.978639276152732
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeStatic PE information: section name: .taggant entropy: 7.931407388101191

Persistence and Installation Behavior

barindex
Found pyInstaller with non standard icon
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess created: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_webp.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\winsound.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingtk.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\select.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70802\unicodedata.pydJump to dropped file

Boot Survival

barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: RegmonClassJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: FilemonClassJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: RegmonclassJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: FilemonclassJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: RegmonClassJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: FilemonClassJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: RegmonclassJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: FilemonclassJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

Malware Analysis System Evasion

barindex
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeSystem information queried: FirmwareTableInformationJump to behavior
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_webp.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\winsound.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingtk.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\select.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70802\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeAPI coverage: 1.3 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe TID: 6352Thread sleep time: -96000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe TID: 2104Thread sleep time: -92000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE1323F698 GetSystemInfo,VirtualAlloc,2_2_00007FFE1323F698
Source: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeSystem information queried: ModuleInformationJump to behavior

Anti Debugging

barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeThread information set: HideFromDebuggerJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeThread information set: HideFromDebuggerJump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeOpen window title or class name: regmonclass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeOpen window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeOpen window title or class name: filemonclass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess queried: DebugObjectHandleJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess queried: DebugObjectHandleJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE11ED2BC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE11ED2BC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE11ED2600 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE11ED2600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE11ED2BC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE11ED2BC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126E3BB0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE126E3BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE126E35E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE126E35E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE12E123A0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE12E123A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE12E11DD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE12E11DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE130C1B00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE130C1B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE130C1530 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE130C1530
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE132014F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE132014F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE13201AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE13201AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE1321A090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE1321A090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE1321AAD8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE1321AAD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE13236254 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE13236254
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE13235CB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE13235CB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE13310468 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE13310468
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE148E52F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE148E52F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE148E4D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE148E4D20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe"Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFDFB2B1000 cpuid 2_2_00007FFDFB2B1000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\_ctypes.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imaging.cp311-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70802\winsound.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFDFB3CE600 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_00007FFDFB3CE600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE11ED5610 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,2_2_00007FFE11ED5610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exeCode function: 2_2_00007FFE11ED45E8 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,2_2_00007FFE11ED45E8

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		11
Process Injection		33
Virtualization/Sandbox Evasion		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		11
Process Injection		LSASS Memory531
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
Obfuscated Files or Information		Security Account Manager33
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive1
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
Software Packing		NTDS24
System Information Discovery		Distributed Component Object ModelInput Capture1
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe24%ReversingLabs
SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe32%VirustotalBrowse
SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe100%Joe Sandbox ML

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imaging.cp311-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imaging.cp311-win_amd64.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingcms.cp311-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingcms.cp311-win_amd64.pyd2%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingtk.cp311-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingtk.cp311-win_amd64.pyd3%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_webp.cp311-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_webp.cp311-win_amd64.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\VCRUNTIME140.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\VCRUNTIME140.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\_bz2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\_bz2.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\_ctypes.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\_ctypes.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\_decimal.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\_decimal.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\_hashlib.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\_hashlib.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\_lzma.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\_lzma.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\_queue.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\_queue.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\_socket.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\_socket.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\_ssl.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\_ssl.pyd0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\_MEI70802\libcrypto-1_1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\libffi-8.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\libssl-1_1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\python311.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\select.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\unicodedata.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70802\winsound.pyd0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
206.23.85.13.in-addr.arpa1%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://github.com/python-pillow/Pillow/0%Avira URL Cloudsafe
https://mahler:8092/site-updates.py0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L6880%Avira URL Cloudsafe
http://www.robotstxt.org/norobots-rfc.txt0%Avira URL Cloudsafe
https://www.python.org/download/releases/2.3/mro/.0%Avira URL Cloudsafe
https://github.com/boppreh/keyboard/issues/22)0%Avira URL Cloudsafe
http://www.robotstxt.org/norobots-rfc.txt0%VirustotalBrowse
https://github.com/python-pillow/Pillow/0%VirustotalBrowse
https://nitrogencfg.vercel.app/z0%Avira URL Cloudsafe
https://www.python.org/download/releases/2.3/mro/.0%VirustotalBrowse
https://www.python.org/0%Avira URL Cloudsafe
https://github.com/boppreh/keyboard/issues/20)0%Avira URL Cloudsafe
https://github.com/boppreh/keyboard/issues/22)0%VirustotalBrowse
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L6880%VirustotalBrowse
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader0%Avira URL Cloudsafe
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#0%Avira URL Cloudsafe
https://json.org0%Avira URL Cloudsafe
https://github.com/boppreh/mouse)0%Avira URL Cloudsafe
https://www.python.org/1%VirustotalBrowse
https://github.com/boppreh/keyboard/issues/20)0%VirustotalBrowse
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader0%VirustotalBrowse
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy0%Avira URL Cloudsafe
https://pypi.python.org/pypi/keyboard/):0%Avira URL Cloudsafe
https://json.org0%VirustotalBrowse
https://github.com/boppreh/keyboard#api)0%Avira URL Cloudsafe
https://www.python.org/psf/license/0%Avira URL Cloudsafe
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy0%VirustotalBrowse
https://pypi.python.org/pypi/keyboard/):0%VirustotalBrowse
https://github.com/boppreh/keyboard/archive/master.zip)0%Avira URL Cloudsafe
https://github.com/boppreh/mouse)0%VirustotalBrowse
http://cacerts.digicert.co0%Avira URL Cloudsafe
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#0%VirustotalBrowse
https://github.com/boppreh/keyboard/issues/21)0%Avira URL Cloudsafe
https://www.openssl.org/H0%Avira URL Cloudsafe
https://github.com/boppreh/keyboard/archive/master.zip)0%VirustotalBrowse
https://nitrogencfg.vercel.app/0%Avira URL Cloudsafe
https://github.com/boppreh/keyboard#api)0%VirustotalBrowse
https://peps.python.org/pep-0205/0%Avira URL Cloudsafe
https://www.python.org/psf/license/0%VirustotalBrowse
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py0%Avira URL Cloudsafe
https://github.com/boppreh/keyboard0%Avira URL Cloudsafe
https://peps.python.org/pep-0205/0%VirustotalBrowse
https://www.openssl.org/H0%VirustotalBrowse
https://peps.python.org/pep-0263/0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py0%VirustotalBrowse
https://peps.python.org/pep-0263/0%VirustotalBrowse
https://github.com/boppreh/keyboard0%VirustotalBrowse
https://github.com/boppreh/keyboard/issues/21)0%VirustotalBrowse
http://cacerts.digicert.co0%VirustotalBrowse

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
206.23.85.13.in-addr.arpa
unknown
unknownfalseunknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913074696.000001FCA0E48000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882818769.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883536455.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882489637.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883026732.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://mahler:8092/site-updates.pybase_library.zip.0.drfalse
  • Avira URL Cloud: safe
unknown
http://www.robotstxt.org/norobots-rfc.txtbase_library.zip.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/python-pillow/Pillow/SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2914051456.000001FCA3020000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.python.org/download/releases/2.3/mro/.SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1881910845.000001FCA2C94000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913074696.000001FCA0DC0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/boppreh/keyboard/issues/22)SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://nitrogencfg.vercel.app/zSecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.python.org/base_library.zip.0.drfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/boppreh/keyboard/issues/20)SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerSecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2912729731.000001FCA0DAA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887512543.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1885600562.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913400340.000001FCA2CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884230978.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882818769.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884542658.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883536455.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886465786.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882489637.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883026732.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888223831.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://json.orgSecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887833618.000001FCA2E39000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2912729731.000001FCA0DAA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887512543.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1885600562.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913400340.000001FCA2CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884230978.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882818769.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884542658.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883536455.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886465786.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882489637.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883026732.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888223831.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/boppreh/mouse)SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sySecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2912729731.000001FCA0DAA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887512543.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1885600562.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913400340.000001FCA2CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884230978.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882818769.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1884542658.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883536455.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886465786.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1882489637.000001FCA0DB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1883026732.000001FCA0D97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888223831.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://pypi.python.org/pypi/keyboard/):SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.python.org/psf/license/SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2917204452.00007FFDFB918000.00000004.00000001.01000000.00000005.sdmp, python311.dll.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/boppreh/keyboard#api)SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/boppreh/keyboard/archive/master.zip)SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://cacerts.digicert.coSecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1680238947.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1679987372.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/boppreh/keyboard/issues/21)SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.openssl.org/HSecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000000.00000003.1681821409.000002D4D02DB000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://nitrogencfg.vercel.app/SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2914051456.000001FCA3020000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2914554106.000001FCA3754000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0205/SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2914135975.000001FCA3184000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pySecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888223831.000001FCA2CF9000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/boppreh/keyboardSecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886525941.000001FCA2EE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2913577566.000001FCA2E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2E97000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1888279051.000001FCA2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1887589485.000001FCA2F48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000003.1886425989.000001FCA2F39000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0263/SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, 00000002.00000002.2916823285.00007FFDFB87B000.00000002.00000001.01000000.00000005.sdmp, python311.dll.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1464668
Start date and time:2024-06-29 18:29:08 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 25s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
Detection:MAL
Classification:mal84.evad.winEXE@6/21@1/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingcms.cp311-win_amd64.pydSecuriteInfo.com.FileRepMalware.10144.24483.exeGet hashmaliciousDiscord Token StealerBrowse
    Caffeine AIO [V7.0].exeGet hashmaliciousPython StealerBrowse
      Timeless.exeGet hashmaliciousUnknownBrowse
        88.exeGet hashmaliciousPython StealerBrowse
          d12.exeGet hashmaliciousUnknownBrowse
            C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imaging.cp311-win_amd64.pydSecuriteInfo.com.FileRepMalware.10144.24483.exeGet hashmaliciousDiscord Token StealerBrowse
              Caffeine AIO [V7.0].exeGet hashmaliciousPython StealerBrowse
                Timeless.exeGet hashmaliciousUnknownBrowse
                  88.exeGet hashmaliciousPython StealerBrowse
                    d12.exeGet hashmaliciousUnknownBrowse
                      C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingtk.cp311-win_amd64.pydSecuriteInfo.com.FileRepMalware.10144.24483.exeGet hashmaliciousDiscord Token StealerBrowse
                        Timeless.exeGet hashmaliciousUnknownBrowse
                          88.exeGet hashmaliciousPython StealerBrowse
                            d12.exeGet hashmaliciousUnknownBrowse

                              Created / dropped Files

                              C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imaging.cp311-win_amd64.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):2391552
                              Entropy (8bit):6.459367549547243
                              Encrypted:false
                              SSDEEP:49152:A+QkpQIofdK7kmrpCQkU8UpjNuLrLrLrLu2fFFH:ZKK7k+K
                              MD5:DC83CB57B9CABCB1E19650E7A82697DE
                              SHA1:F62D681C02C48453AE03733B830C05020F6BA971
                              SHA-256:F82BD3CF95E02749FF1ADFF76725E3645E17C2780954BD724ED63EF6827633F5
                              SHA-512:54AB930F2309A87E956A7A59A14FB50E16F8D341809E368C0817B9EA54F81B12D96E6975DF81B54DFC0AE1372DD7798A1150CF8A62980168727F04D844A50D43
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Joe Sandbox View:
                              • Filename: SecuriteInfo.com.FileRepMalware.10144.24483.exe, Detection: malicious, Browse
                              • Filename: Caffeine AIO [V7.0].exe, Detection: malicious, Browse
                              • Filename: Timeless.exe, Detection: malicious, Browse
                              • Filename: 88.exe, Detection: malicious, Browse
                              • Filename: d12.exe, Detection: malicious, Browse
                              Reputation:low
                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........V...8...8...8.......8...9...8......8...=...8...<...8...;...8.c.9...8...9...8...9...8.r.<.].8...8...8.r.0...8.r.8...8.r....8.r.:...8.Rich..8.................PE..d....+.d.........." ...#.@...l......,.........................................$...........`......................................... .#.`.....#.......$.......#...............$.x...@.!.......................!.(.....!.@............P...............................text...H>.......@.................. ..`.rdata.......P.......D..............@..@.data...h.... #..^....#.............@....pdata........#......r#.............@..@.rsrc.........$......f$.............@..@.reloc..x.....$......h$.............@..B................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingcms.cp311-win_amd64.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):256512
                              Entropy (8bit):6.274108556030834
                              Encrypted:false
                              SSDEEP:6144:BWPDrbQBTAcY355skl/RI7OMhkAXLg9uP1+74/LgHmPr9qvZqhLanLTLzLfqeqwE:BWbrboTJcihhkAXLg9uP1+74/LgHmPr4
                              MD5:657483468C9476E4E14E283EAC7DDA9F
                              SHA1:1DF0BE46E8F0FFA115613EE6FF0C4F66BCC7728B
                              SHA-256:D1AB1BDEBA8D908F424129E3F8D1070FB62F847100B284738BB245664BFA1B5B
                              SHA-512:EE140A7F0E4A4F3CD78FF4247E96400D6033973AD78AD6134DCA986F283647C9B21D4CC12E51B9A654B4A16A7CCE5908DB7C1AE130889161A6B898ACCCFBF8AF
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 2%, Browse
                              Joe Sandbox View:
                              • Filename: SecuriteInfo.com.FileRepMalware.10144.24483.exe, Detection: malicious, Browse
                              • Filename: Caffeine AIO [V7.0].exe, Detection: malicious, Browse
                              • Filename: Timeless.exe, Detection: malicious, Browse
                              • Filename: 88.exe, Detection: malicious, Browse
                              • Filename: d12.exe, Detection: malicious, Browse
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......cA.<' .o' .o' .o.X8o) .o.\.n% .o.\.n* .o.\.n/ .o.\.n# .o.\.n% .olX.n .o' .oI .o.].n1 .o.].n& .o.]To& .o.].n& .oRich' .o........................PE..d....+.d.........." ...#..... ......,........................................ ............`..........................................y..h....y..................t....................?..............................`>..@...............p............................text............................... ..`.rdata..n...........................@..@.data....>.......8...z..............@....pdata..t........0..................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_imagingtk.cp311-win_amd64.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):14848
                              Entropy (8bit):4.937094002996494
                              Encrypted:false
                              SSDEEP:192:pq/Ztwu+7WM00KCErQoSM8ZudFFojckgTfgZ:0ZoHKpsoSYzoTgTo
                              MD5:D8E253662C0C4024A4A52FF315D7A35F
                              SHA1:DB5D87552A2C9062ADC28C443A50052BF77F3207
                              SHA-256:F02614E89464C481A483CDC1445960BF22A65984A538354C8D5BD0CA917B7421
                              SHA-512:5C8920A7BDFBB68B5A57BEBB4E162C5439B178016D574906554DC68ACC11D34605771C4063152B8608F5983777121084478FC3A0069D02EC04F2EEFFE2F24A30
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 3%, Browse
                              Joe Sandbox View:
                              • Filename: SecuriteInfo.com.FileRepMalware.10144.24483.exe, Detection: malicious, Browse
                              • Filename: Timeless.exe, Detection: malicious, Browse
                              • Filename: 88.exe, Detection: malicious, Browse
                              • Filename: d12.exe, Detection: malicious, Browse
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v..?2..l2..l2..l;.fl8..l...m0..l...m>..l...m:..l...m1..l...m0..ly..m7..l2..l...l..m0..l..m3..l..l3..l..m3..lRich2..l................PE..d....+.d.........." ...#.....$......@.....................................................`.........................................p;..d....;.......p.......`..................<...`5.............................. 4..@............0...............................text...h........................... ..`.rdata.......0......................@..@.data........P.......0..............@....pdata.......`.......2..............@..@.rsrc........p.......6..............@..@.reloc..<............8..............@..B........................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\PIL\_webp.cp311-win_amd64.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):532480
                              Entropy (8bit):6.582095988848158
                              Encrypted:false
                              SSDEEP:12288:byLlHZpSfhb7f2Lc9LrLrLrLFmTx158nAyzMSJe:bMIfhb9LrLrLrLFm3CAo9J
                              MD5:D5625ADB3503EE8D85777F1467E3827D
                              SHA1:7F696BB84D998C1B2DA74A394356C5250E59D180
                              SHA-256:83207C4D4FF7FFBBB90B2498E39557E80EAAC2956F0BEBB9433CE9301461F5FF
                              SHA-512:9F1AD5812DBE7439BF426C8B32AA6CF81146D503F4561D852C11B71077EE2073A7E98ACDFB04EAB0EFBA8891F6BDB6E817B342929B8985AC534EBFFDAB402C95
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........{...(...(...(..z(...(4..)...(...)...(4..)...(4..)...(4..)...(C..)...(...(..(R..)..(R..)...(R..)...(R..(...(R..)...(Rich...(........................PE..d....+.d.........." ...#..................................................................`.............................................\............p....... ..|M.................. W...............................U..@............................................text...X........................... ..`.rdata..............................@..@.data....2..........................@....pdata..|M... ...N..................@..@.rsrc........p......................@..@.reloc..............................@..B........................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\VCRUNTIME140.dll

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):109392
                              Entropy (8bit):6.641929675972235
                              Encrypted:false
                              SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                              MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                              SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                              SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                              SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Reputation:moderate, very likely benign file
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........u...u...u.E.t...u.....u...t...u..v...u..q...u..p...u..u...u......u..w...u.Rich..u.........PE..d..._#;..........." ...".....`......................................................=.....`A........................................`C..4....K...............p.......\..PO...........-..p............................,..@............................................text............................... ..`.rdata...A.......B..................@..@.data...0....`.......D..............@....pdata.......p.......H..............@..@_RDATA..\............T..............@..@.rsrc................V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\_bz2.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):84760
                              Entropy (8bit):6.570831353064175
                              Encrypted:false
                              SSDEEP:1536:PdQz7pZ3catNZTRGE51LOBK5bib8tsfYqpIPCV17SyQPx:VQz9Z5VOwiItsAqpIPCV1Gx
                              MD5:3859239CED9A45399B967EBCE5A6BA23
                              SHA1:6F8FF3DF90AC833C1EB69208DB462CDA8CA3F8D6
                              SHA-256:A4DD883257A7ACE84F96BCC6CD59E22D843D0DB080606DEFAE32923FC712C75A
                              SHA-512:030E5CE81E36BD55F69D55CBB8385820EB7C1F95342C1A32058F49ABEABB485B1C4A30877C07A56C9D909228E45A4196872E14DED4F87ADAA8B6AD97463E5C69
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A}...............d`.....J`......J`......J`......J`......J`.......`......Nd..........Z....`.......`.......`.......`......Rich............PE..d......d.........." ...".....^......L........................................P.......`....`.........................................p...H............0....... .. ......../...@..........T...........................p...@............................................text............................... ..`.rdata..L>.......@..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\_ctypes.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):123664
                              Entropy (8bit):6.058417150946148
                              Encrypted:false
                              SSDEEP:3072:c7u5LnIx1If3yJdqfLI2AYX5BO89IPLPPUxdF:cwxfijqfLI29BO8VF
                              MD5:BD36F7D64660D120C6FB98C8F536D369
                              SHA1:6829C9CE6091CB2B085EB3D5469337AC4782F927
                              SHA-256:EE543453AC1A2B9B52E80DC66207D3767012CA24CE2B44206804767F37443902
                              SHA-512:BD15F6D4492DDBC89FCBADBA07FC10AA6698B13030DD301340B5F1B02B74191FAF9B3DCF66B72ECF96084656084B531034EA5CADC1DD333EF64AFB69A1D1FD56
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........G...&...&...&...^...&...Z...&...Z...&...Z...&...Z...&..$Z...&...^...&...^...&..-Z...&...&...&..$Z...&..$Z...&..$Zv..&..$Z...&..Rich.&..........................PE..d...!..d.........." ..."............p\..............................................|o....`.........................................pP.......P.........................../..............T...........................`...@............................................text............................... ..`.rdata...l.......n..................@..@.data...$=...p...8...^..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\_decimal.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):253200
                              Entropy (8bit):6.559097478184273
                              Encrypted:false
                              SSDEEP:6144:7t9gXW32tb0yf6CgLp+E4YECs5wxvj9qWM53pLW1Apw9tBg2YAp:7ngXW3wgyCiE4texvGI4Ap
                              MD5:65B4AB77D6C6231C145D3E20E7073F51
                              SHA1:23D5CE68ED6AA8EAABE3366D2DD04E89D248328E
                              SHA-256:93EB9D1859EDCA1C29594491863BF3D72AF70B9A4240E0D9DD171F668F4F8614
                              SHA-512:28023446E5AC90E9E618673C879CA46F598A62FBB9E69EF925DB334AD9CB1544916CAF81E2ECDC26B75964DCEDBA4AD4DE1BA2C42FB838D0DF504D963FCF17EE
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........nyR.............w.......s.......s.......s.......s.......s.......w.........._....s.......s.......s.......s.......s......Rich............PE..d......d.........." ...".v...<......L...............................................Rn....`..........................................T..P...`T...................&......./......P.......T...........................P...@............................................text....u.......v.................. ..`.rdata..<............z..............@..@.data....*...p...$...R..............@....pdata...&.......(...v..............@..@.rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\_hashlib.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):65304
                              Entropy (8bit):6.222786912280051
                              Encrypted:false
                              SSDEEP:1536:6TO+CPN/pV8ETeERZX/fchw/IpBIPOIVQ7SygPx:mClZZow/IpBIPOIVQyx
                              MD5:4255C44DC64F11F32C961BF275AAB3A2
                              SHA1:C1631B2821A7E8A1783ECFE9A14DB453BE54C30A
                              SHA-256:E557873D5AD59FD6BD29D0F801AD0651DBB8D9AC21545DEFE508089E92A15E29
                              SHA-512:7D3A306755A123B246F31994CD812E7922943CDBBC9DB5A6E4D3372EA434A635FFD3945B5D2046DE669E7983EF2845BD007A441D09CFE05CF346523C12BDAD52
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F.u.'.&.'.&.'.&._,&.'.&.[.'.'.&.[.'.'.&.[.'.'.&.[.'.'.&._.'.'.&*[.'.'.&.'.&e'.&*[.'.'.&*[.'.'.&*[@&.'.&*[.'.'.&Rich.'.&........PE..d......d.........." ...".T...~......`?...............................................%....`.............................................P.......................,......../......\...0}..T............................{..@............p..(............................text...uR.......T.................. ..`.rdata...N...p...P...X..............@..@.data...8...........................@....pdata..,...........................@..@.rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\_lzma.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):158992
                              Entropy (8bit):6.8491146526380025
                              Encrypted:false
                              SSDEEP:3072:A4lirS97HrdVmEkGCm5hAznf49mNo2NOvJ02pIPZ1wBExN:VlirG0EkTVAYO2NQ3w
                              MD5:E5ABC3A72996F8FDE0BCF709E6577D9D
                              SHA1:15770BDCD06E171F0B868C803B8CF33A8581EDD3
                              SHA-256:1796038480754A680F33A4E37C8B5673CC86C49281A287DC0C5CAE984D0CB4BB
                              SHA-512:B347474DC071F2857E1E16965B43DB6518E35915B8168BDEFF1EAD4DFF710A1CC9F04CA0CED23A6DE40D717EEA375EEDB0BF3714DAF35DE6A77F071DB33DFAE6
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*...D,..D,..D,...,..D,..E-..D,..A-..D,..@-..D,..G-..D,M.E-..D,..E-..D,..E,.D,M.I-..D,M.D-..D,M.,..D,M.F-..D,Rich..D,........PE..d...$..d.........." ...".b...........5....................................................`..........................................%..L...\%..x....p.......P.......>.../......8.......T...........................p...@............................................text....a.......b.................. ..`.rdata..............f..............@..@.data........@......................@....pdata.......P......................@..@.rsrc........p.......2..............@..@.reloc..8............<..............@..B................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\_queue.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):32528
                              Entropy (8bit):6.448063770045404
                              Encrypted:false
                              SSDEEP:384:AuCvO+MZFryl9SDCP6rXv+mkWsniRq9IPQUkHQIYiSy1pCQqIPxh8E9VF0NykOBw:1+yF+6rX2mk599IPQUO5YiSyv3PxWEun
                              MD5:F00133F7758627A15F2D98C034CF1657
                              SHA1:2F5F54EDA4634052F5BE24C560154AF6647EEE05
                              SHA-256:35609869EDC57D806925EC52CCA9BC5A035E30D5F40549647D4DA6D7983F8659
                              SHA-512:1C77DD811D2184BEEDF3C553C3F4DA2144B75C6518543F98C630C59CD597FCBF6FD22CFBB0A7B9EA2FDB7983FF69D0D99E8201F4E84A0629BC5733AA09FFC201
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_X..1...1...1.......1...0...1...4...1...5...1...2...1.~.0...1...0...1...0...1.~.<...1.~.1...1.~.....1.~.3...1.Rich..1.........PE..d......d.........." ...".....8......................................................./....`..........................................C..L....C..d....p.......`.......P.../..........p4..T...........................03..@............0..0............................text............................... ..`.rdata..R....0......................@..@.data...x....P.......<..............@....pdata.......`.......@..............@..@.rsrc........p.......D..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\_socket.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):79640
                              Entropy (8bit):6.290841920161528
                              Encrypted:false
                              SSDEEP:1536:0JltpedXL+3ujz9/s+S+pzpMoiyivViaE9IPLwj7SyZPx:07tp4i3ujz9/sT+pzqoavVpE9IPLwjHx
                              MD5:1EEA9568D6FDEF29B9963783827F5867
                              SHA1:A17760365094966220661AD87E57EFE09CD85B84
                              SHA-256:74181072392A3727049EA3681FE9E59516373809CED53E08F6DA7C496B76E117
                              SHA-512:D9443B70FCDC4D0EA1CB93A88325012D3F99DB88C36393A7DED6D04F590E582F7F1640D8B153FE3C5342FA93802A8374F03F6CD37DD40CDBB5ADE2E07FAD1E09
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......RXY..97..97..97..A...97.YE6..97.YE2..97.YE3..97.YE4..97..E6..97..96..97.]A6..97..E:..97..E7..97..E...97..E5..97.Rich.97.................PE..d... ..d.........." ...".l...........%.......................................P......V.....`.............................................P............0....... ..x......../...@..........T...............................@............................................text...:k.......l.................. ..`.rdata...t.......v...p..............@..@.data...............................@....pdata..x.... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\_ssl.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):161040
                              Entropy (8bit):6.029728458381984
                              Encrypted:false
                              SSDEEP:3072:LMaGbIQQbN9W3PiNGeA66l8rBk3xA87xfCA+nbUtFMsVjTNbEzc+pIPC7ODxd:LMaG0bN96oG1l8YA8ZMSR+E
                              MD5:208B0108172E59542260934A2E7CFA85
                              SHA1:1D7FFB1B1754B97448EB41E686C0C79194D2AB3A
                              SHA-256:5160500474EC95D4F3AF7E467CC70CB37BEC1D12545F0299AAB6D69CEA106C69
                              SHA-512:41ABF6DEAB0F6C048967CA6060C337067F9F8125529925971BE86681EC0D3592C72B9CC85DD8BDEE5DD3E4E69E3BB629710D2D641078D5618B4F55B8A60CC69D
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              • Antivirus: Virustotal, Detection: 0%, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........p...p...p....8..p.......p.......p.......p.......p..N....p...p...q.......p..N....p..N....p..N.T..p..N....p..Rich.p..........................PE..d...'..d.........." ..."............l+..............................................NS....`.............................................d...t........`.......P.......F.../...p..8...0...T...............................@............................................text............................... ..`.rdata..............................@..@.data....j.......f..................@....pdata.......P......."..............@..@.rsrc........`......................@..@.reloc..8....p.......8..............@..B................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\base_library.zip

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                              Category:dropped
                              Size (bytes):1847603
                              Entropy (8bit):5.576587358103163
                              Encrypted:false
                              SSDEEP:24576:mQR5pATu7xm4lUKdcubgAnyfbazZ0iwh9EpdYf9P3sLoThUdWQhuHHa:mQR5plxm+zJ5uUwQ5
                              MD5:E17CE7183E682DE459EEC1A5AC9CBBFF
                              SHA1:722968CA6EB123730EBC30FF2D498F9A5DAD4CC1
                              SHA-256:FF6A37C49EE4BB07A763866D4163126165038296C1FB7B730928297C25CFBE6D
                              SHA-512:FAB76B59DCD3570695FA260F56E277F8D714048F3D89F6E9F69EA700FCA7C097D0DB5F5294BEAB4E6409570408F1D680E8220851FEDEDB981ACB129A415358D1
                              Malicious:false
                              Preview:PK..........!.h%..b...b......._collections_abc.pyc............................................d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.........................Z...e.d...............Z.d...Z...e.e...............Z.[.g.d...Z.d.Z...e...e.d.............................Z...e...e...e...........................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.g.............................Z...e...e...e.g...........................................Z...e...e...e.d...........................................Z...e...e...e.d.d.z.............................................Z...e...e...e...........................................Z...e...e.d.............................Z ..e...e.d.............................Z!..e...e...e"..........................................Z#..e.i.......................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\libcrypto-1_1.dll

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):3445016
                              Entropy (8bit):6.099467326309974
                              Encrypted:false
                              SSDEEP:98304:+/+YgEQaGDoWS04ki7x+QRsZ51CPwDv3uFfJx:MLgEXGUZ37x+VZ51CPwDv3uFfJx
                              MD5:E94733523BCD9A1FB6AC47E10A267287
                              SHA1:94033B405386D04C75FFE6A424B9814B75C608AC
                              SHA-256:F20EB4EFD8647B5273FDAAFCEB8CCB2B8BA5329665878E01986CBFC1E6832C44
                              SHA-512:07DD0EB86498497E693DA0F9DD08DE5B7B09052A2D6754CFBC2AA260E7F56790E6C0A968875F7803CB735609B1E9B9C91A91B84913059C561BFFED5AB2CBB29F
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........).h.z.h.z.h.z..Oz.h.z...{.h.z...{.h.z...{.h.z...{.h.z.h.zjh.z...{.h.z=..{.h.z=..{.j.z=..{.h.z=.#z.h.z=..{.h.zRich.h.z........................PE..d.....wd.........." ..."..$...................................................5......o5...`..........................................y/..h...J4.@.....4.|....p2......b4../....4..O..P.,.8.............................,.@............@4..............................text...$.$.......$................. ..`.rdata........$.......$.............@..@.data...!z....1..,....1.............@....pdata..h....p2.......1.............@..@.idata..^#...@4..$....3.............@..@.00cfg..u....p4.......3.............@..@.rsrc...|.....4.......3.............@..@.reloc...y....4..z....3.............@..B................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\libffi-8.dll

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):39696
                              Entropy (8bit):6.641880464695502
                              Encrypted:false
                              SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                              MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                              SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                              SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                              SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".H...(.......L...............................................n....`......................................... l.......p..P...............P....l.../......,...@d...............................c..@............`.. ............................text....G.......H.................. ..`.rdata..h....`.......L..............@..@.data................b..............@....pdata..P............d..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\libssl-1_1.dll

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):704792
                              Entropy (8bit):5.55753143710539
                              Encrypted:false
                              SSDEEP:12288:ihO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0T9qwfU2lvzA:iis/POtrzbLp5dQ0T9qcU2lvzA
                              MD5:25BDE25D332383D1228B2E66A4CB9F3E
                              SHA1:CD5B9C3DD6AAB470D445E3956708A324E93A9160
                              SHA-256:C8F7237E7040A73C2BEA567ACC9CEC373AADD48654AAAC6122416E160F08CA13
                              SHA-512:CA2F2139BB456799C9F98EF8D89FD7C09D1972FA5DD8FC01B14B7AF00BF8D2C2175FB2C0C41E49A6DAF540E67943AAD338E33C1556FD6040EF06E0F25BFA88FA
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........q...q...q.....q..p...q..p...q..t...q..u...q..r...q.[.p...q...p.u.q.[.u...q.[.q...q.[.....q.[.s...q.Rich..q.........................PE..d.....wd.........." ...".D...T......<.....................................................`..........................................A...N..@U..........s........N......./......h.......8...............................@............@..@............................text....B.......D.................. ..`.rdata.../...`...0...H..............@..@.data...AM.......D...x..............@....pdata...V.......X..................@..@.idata..%W...@...X..................@..@.00cfg..u............l..............@..@.rsrc...s............n..............@..@.reloc..q............v..............@..B................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\python311.dll

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):5762840
                              Entropy (8bit):6.089392282930885
                              Encrypted:false
                              SSDEEP:49152:73djosVvASxQKADxYBVD0NErnKqroleDkcWE/Q3pPITbwVFZL7VgVr42I1vJHH++:73ZOKRtlrJ7wfGrs1BHeM+2PocL2
                              MD5:5A5DD7CAD8028097842B0AFEF45BFBCF
                              SHA1:E247A2E460687C607253949C52AE2801FF35DC4A
                              SHA-256:A811C7516F531F1515D10743AE78004DD627EBA0DC2D3BC0D2E033B2722043CE
                              SHA-512:E6268E4FAD2CE3EF16B68298A57498E16F0262BF3531539AD013A66F72DF471569F94C6FCC48154B7C3049A3AD15CBFCBB6345DACB4F4ED7D528C74D589C9858
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.D.5.*.5.*.5.*.z.+.7.*.z...;.*.z./.9.*.z...=.*.z.).1.*.<../.*.~.+.>.*.5.+.P.*...'..*...*.4.*.....4.*...(.4.*.Rich5.*.........................PE..d......d.........." ...".X%..47.....\H........................................\.......X...`...........................................@......WA......p[.......V.d0....W../....[..C....).T.............................).@............p%..............................text...rV%......X%................. ..`.rdata.......p%......\%.............@..@.data.........A..L...hA.............@....pdata..d0....V..2....Q.............@..@PyRuntim......X.......S.............@....rsrc........p[......rV.............@..@.reloc...C....[..D...|V.............@..B........................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\select.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):30480
                              Entropy (8bit):6.578957517354568
                              Encrypted:false
                              SSDEEP:384:N1ecReJKrHqDUI7A700EZ9IPQGNHQIYiSy1pCQn1tPxh8E9VF0NykfF:3eUeJGHqNbD9IPQGR5YiSyvnnPxWEuN
                              MD5:C97A587E19227D03A85E90A04D7937F6
                              SHA1:463703CF1CAC4E2297B442654FC6169B70CFB9BF
                              SHA-256:C4AA9A106381835CFB5F9BADFB9D77DF74338BC66E69183757A5A3774CCDACCF
                              SHA-512:97784363F3B0B794D2F9FD6A2C862D64910C71591006A34EEDFF989ECCA669AC245B3DFE68EAA6DA621209A3AB61D36E9118EBB4BE4C0E72CE80FAB7B43BDE12
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........tB.t'B.t'B.t'K..'@.t'..u&@.t'..q&N.t'..p&J.t'..w&F.t'..u&@.t'B.u'..t'..u&G.t'..y&C.t'..t&C.t'...'C.t'..v&C.t'RichB.t'................PE..d......d.........." ...".....2............................................................`..........................................@..L...,A..x....p.......`.......H.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data........P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..L............F..............@..B........................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\unicodedata.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):1141016
                              Entropy (8bit):5.435086202175289
                              Encrypted:false
                              SSDEEP:12288:83kYbfjwR6nblonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1ol:8UYbMA0IDJcjEwPgPOG6Xyd461ol
                              MD5:AA13EE6770452AF73828B55AF5CD1A32
                              SHA1:C01ECE61C7623E36A834D8B3C660E7F28C91177E
                              SHA-256:8FBED20E9225FF82132E97B4FEFBB5DDBC10C062D9E3F920A6616AB27BB5B0FB
                              SHA-512:B2EEB9A7D4A32E91084FDAE302953AAC57388A5390F9404D8DFE5C4A8F66CA2AB73253CF5BA4CC55350D8306230DD1114A61E22C23F42FBCC5C0098046E97E0F
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................,...............,.....,.....,.y...,.....Rich..........PE..d......d.........." ...".@..........P*...............................................!....`.............................................X............`.......P..0....:.../...p.......]..T............................[..@............P..x............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data...H....0......................@....pdata..0....P.......&..............@..@.rsrc........`......................@..@.reloc.......p.......8..............@..B................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\_MEI70802\winsound.pyd

                              Download File
                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):31000
                              Entropy (8bit):6.528629549978134
                              Encrypted:false
                              SSDEEP:768:07PonXQlQHxqCBdOBIPO7vV5YiSyvGpPxWEuSK:07PonXAoBdOBIPO7v77SyCPx
                              MD5:1C856FABFF6967DD21ADE8338E15D637
                              SHA1:BA06346DDB95C92CEDC20718BB205D1F30840C56
                              SHA-256:63ED931F692B63A8D6D7948BD8EF3B6C678B57C0C0574BF649F783C602B4E7E4
                              SHA-512:466689E72B83D7F258E1B0995323F45AB7A32E69AA3241089E3ADE15BEC80FA72C00F8FC81E918AFC7F2B86AF8D756374E69DB6A360D45A41A6F29EC199B93BD
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............S..S..S..fS..S...R..S...R..S...R..S...R..S*..R..S...R..S..S..S*..R..S*..R..S*..S..S*..R..SRich..S........PE..d......d.........." ...".....2.......................................................o....`..........................................B..P...PB.......p.......`.......J.../......`....:..T............................9..@............0...............................text...h........................... ..`.rdata..N....0......................@..@.data........P.......8..............@....pdata.......`.......:..............@..@.rsrc........p.......>..............@..@.reloc..`............H..............@..B................................................................................................................................................................................................................................................

                              Static File Info

                              General

                              File type:PE32+ executable (console) x86-64, for MS Windows
                              Entropy (8bit):7.995032870704144
                              TrID:
                              • Win64 Executable Console (202006/5) 92.65%
                              • Win64 Executable (generic) (12005/4) 5.51%
                              • Generic Win/DOS Executable (2004/3) 0.92%
                              • DOS Executable Generic (2002/1) 0.92%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              File size:13'256'130 bytes
                              MD5:0fd93d95f5427314c472acf35a741bd8
                              SHA1:82c4a03fc289ff7231a55c781838a07cf2cb3afd
                              SHA256:cb8109d659672303e80f6666d566f8192f3134d3d67048e1a60ff3ace62c66f5
                              SHA512:566a7036ccc924aee8b49b69c031b5e77ca85f4ff643db5c82e0ac9533a1a687c844858ae0de080dc29ecc6d74b95cc0eca50d7ccc8f158104e32d2dd241f518
                              SSDEEP:196608:yL9vGiCff7yl3nCIjvDMjYeVa65nT84FMIZETSwjPePdrQJ/BGOqJ9Au5DYPF:yLdGiCbsSIrDMjPgQETSwvJEOqQYDQ
                              TLSH:F3D6339F7973A9A7C48144F481DC9CB5B06906BF8BB8264044BF34DF6293809A5F9D3E
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................1.............-.............................................H.......H.......Rich...................

                              File Icon

                              Icon Hash:723c2f1398054f8c

                              Static PE Info

                              General

                              Entrypoint:0x140bea000
                              Entrypoint Section:.taggant
                              Digitally signed:false
                              Imagebase:0x140000000
                              Subsystem:windows cui
                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                              Time Stamp:0x64CA6573 [Wed Aug 2 14:17:23 2023 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:5
                              OS Version Minor:2
                              File Version Major:5
                              File Version Minor:2
                              Subsystem Version Major:5
                              Subsystem Version Minor:2
                              Import Hash:eb9d0bbbbe276288f85180f1a72901a7

                              Entrypoint Preview

                              Instruction
                              jmp 00007F02693E0FBAh
                              punpckhbw mm0, qword ptr [eax+eax+00h]
                              add byte ptr [eax], al
                              add cl, ch
                              add byte ptr [eax], ah
                              add byte ptr [eax], al
                              sbb byte ptr [ecx+28h], ch
                              xchg eax, edx
                              div dword ptr [edi]
                              pop edx
                              lea eax, dword ptr [edi-01h]
                              xor byte ptr [esi-40h], dh
                              popfd
                              jmp 00007F02693E101Ah
                              push ebx
                              sbb bh, byte ptr [5AADF7B2h]
                              lea ebp, edi
                              pushad
                              push eax
                              dec sp
                              mov ebp, C473A638h
                              pop ebp
                              salc
                              fxch st(0), st(1)
                              xor byte ptr [esi+3Dh], FFFFFFCDh
                              fmul qword ptr [636D2E84h]
                              shr dword ptr [esi+70h], FFFFFFA1h
                              pop es
                              pushad
                              je 00007F02693E1008h
                              dec ebx
                              loope 00007F02693E0FFAh
                              not byte ptr [esi-2605A24Bh]
                              in eax, dx
                              and byte ptr [esi+2Eh], FFFFFFF1h
                              xchg eax, esp
                              push es
                              loope 00007F02693E0FABh
                              jmp 00007F02693E1022h
                              scasd
                              inc ebp
                              xor byte ptr [edx], dl
                              add eax, 097C867Ah

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0x580460x64.imports
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x590000x48b0.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x7b8a7c0x2100.themida
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              0x10000x288900x15c3786675f359931264bdc423d3b4f885582False1.000403845506658data7.978639276152732IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              0x2a0000x1271a0x9271c4208dc5940d82edff8943f36a85458fFalse0.998986369335005data7.956602068201772IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              0x3d0000x103f80x1c97c47f5638d91e09f84ec432dd286270aFalse1.0240700218818382data7.453948155301671IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              0x4e0000x20e80x12f93ed6a33784aebd47414d7341a3a416aaFalse0.9810582664196006data7.694640503617366IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              0x510000x15c0xbe8d1a06679f399733eed046223b6b5d58False1.0578947368421052data6.808123734893058IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              0x520000x48af0xe46a60880d9e4b4d58beb457b9f4cd2039bFalse1.0030103995621238data7.921638486647114IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              0x570000x75c0x55893d85e3849a7bc08367c99f96bb3c535False0.881578947368421data7.47421318988134IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                              .imports0x580000x10000x20060f2ecbe81e15ca80fa3fb4dcd3e76b2False0.185546875data1.3505262471457742IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .rsrc0x590000x4a000x4a00a948095296204e203aaf029f822de5bdFalse0.2003272804054054data3.2609452200342965IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .themida0x5e0000x76c0000x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .boot0x7ca0000x41f8000x41f8004a000cd62ce7ac36df7c8f4af8a180e3unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .taggant0xbea0000x22000x2014bc4fbddb23f6ba2a6e81d81236cc3102False1.0013395031660983DOS executable (COM)7.931407388101191IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_ICON0x590c80x4228Device independent bitmap graphic, 64 x 128 x 32, image size 00.17412612187057155
                              RT_GROUP_ICON0x5d3000x14data1.1
                              RT_MANIFEST0x5d3240x58bXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.44538407329105

                              Imports

                              DLLImport
                              kernel32.dllGetModuleHandleA
                              ADVAPI32.dllConvertSidToStringSidW

                              Possible Origin

                              Language of compilation systemCountry where language is spokenMap
                              EnglishUnited States

                              Network Behavior

                              Network Port Distribution

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Jun 29, 2024 18:30:33.379587889 CEST5350615162.159.36.2192.168.2.4
                              Jun 29, 2024 18:30:33.859987974 CEST6016053192.168.2.41.1.1.1
                              Jun 29, 2024 18:30:33.868196011 CEST53601601.1.1.1192.168.2.4

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Jun 29, 2024 18:30:33.859987974 CEST192.168.2.41.1.1.10xadb6Standard query (0)206.23.85.13.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Jun 29, 2024 18:30:33.868196011 CEST1.1.1.1192.168.2.40xadb6Name error (3)206.23.85.13.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:12:29:59
                              Start date:29/06/2024
                              Path:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe"
                              Imagebase:0x7ff719060000
                              File size:13'256'130 bytes
                              MD5 hash:0FD93D95F5427314C472ACF35A741BD8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              General

                              Target ID:1
                              Start time:12:29:59
                              Start date:29/06/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7699e0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              General

                              Target ID:2
                              Start time:12:30:00
                              Start date:29/06/2024
                              Path:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe"
                              Imagebase:0x7ff719060000
                              File size:13'256'130 bytes
                              MD5 hash:0FD93D95F5427314C472ACF35A741BD8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              General

                              Target ID:4
                              Start time:12:30:20
                              Start date:29/06/2024
                              Path:C:\Windows\System32\cmd.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\cmd.exe /c "ver"
                              Imagebase:0x7ff7a2b00000
                              File size:289'792 bytes
                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Disassembly

                              Reset < >

                                Execution Graph

                                Execution Coverage:0.8%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:15.5%
                                Total number of Nodes:220
                                Total number of Limit Nodes:33
                                execution_graph 22860 7ffe13232fc0 PyTuple_GetItem 22861 7ffe13232ffb 22860->22861 22883 7ffe132331aa 22860->22883 22862 7ffe13233034 _PyObject_MakeTpCall 22861->22862 22863 7ffe13237cec _Py_CheckFunctionResult 22861->22863 22865 7ffe1323304f 22862->22865 22863->22865 22866 7ffe1323309b _PyDict_GetItemIdWithError 22865->22866 22867 7ffe13233096 22865->22867 22865->22883 22868 7ffe13237d6e PyErr_Occurred 22866->22868 22869 7ffe132330f8 22866->22869 22895 7ffe132324a0 14 API calls 22867->22895 22872 7ffe13237d55 22868->22872 22873 7ffe13237d46 22868->22873 22884 7ffe13232f60 22869->22884 22874 7ffe13237d5f _Py_Dealloc 22872->22874 22872->22883 22873->22872 22876 7ffe13237d4c _Py_Dealloc 22873->22876 22874->22883 22875 7ffe13233103 22875->22867 22875->22872 22877 7ffe13233139 22875->22877 22876->22872 22890 7ffe13233a70 22877->22890 22880 7ffe13233177 PyDict_Update 22880->22873 22881 7ffe13233190 22880->22881 22882 7ffe132331a4 _Py_Dealloc 22881->22882 22881->22883 22882->22883 22886 7ffe13232f6c 22884->22886 22885 7ffe13237cbb PyErr_SetString 22887 7ffe13232f8a 22885->22887 22886->22885 22886->22887 22888 7ffe13232f9e 22887->22888 22889 7ffe13237cdf _Py_Dealloc 22887->22889 22888->22875 22889->22888 22891 7ffe13233a89 22890->22891 22894 7ffe13233145 22890->22894 22891->22891 22892 7ffe13233aad PyMem_Malloc 22891->22892 22893 7ffe132386f0 PyErr_NoMemory 22892->22893 22892->22894 22893->22894 22894->22872 22894->22880 22895->22873 22896 7ffe132326c0 22897 7ffe132326e4 22896->22897 22898 7ffe132373ca PyTuple_GetItem 22897->22898 22899 7ffe1323274a 22897->22899 22901 7ffe13232831 22897->22901 22902 7ffe1323744f 22898->22902 22914 7ffe132373e2 PyErr_SetString 22898->22914 22966 7ffe132328f0 14 API calls 22899->22966 22904 7ffe1323285e 22901->22904 22905 7ffe132327b6 22901->22905 22968 7ffe13233d98 PyType_IsSubtype 22902->22968 22903 7ffe13232781 22903->22901 22903->22905 22908 7ffe13237448 22903->22908 22916 7ffe132327ad 22903->22916 22912 7ffe13237414 PyErr_Format 22904->22912 22913 7ffe132374e4 _Py_Dealloc 22904->22913 22931 7ffe13232980 22905->22931 22910 7ffe1323745e 22910->22914 22915 7ffe13237462 PyErr_SetString 22910->22915 22911 7ffe132327e8 22917 7ffe132327f9 22911->22917 22920 7ffe13237500 PyObject_CallFunctionObjArgs 22911->22920 22912->22908 22913->22912 22914->22908 22915->22914 22916->22905 22919 7ffe132374cf 22916->22919 22967 7ffe13232894 8 API calls 22917->22967 22919->22912 22927 7ffe13237404 _Py_Dealloc 22919->22927 22923 7ffe13237541 22920->22923 22924 7ffe13237523 22920->22924 22922 7ffe13232819 22925 7ffe13237550 22923->22925 22926 7ffe13237547 _Py_Dealloc 22923->22926 22924->22923 22928 7ffe13237528 22924->22928 22925->22922 22929 7ffe13237556 _Py_Dealloc 22925->22929 22926->22925 22927->22912 22928->22917 22930 7ffe13237532 _Py_Dealloc 22928->22930 22929->22922 22930->22917 22932 7ffe1323791e 22931->22932 22933 7ffe132329e2 22931->22933 22935 7ffe13237926 PyErr_Format 22932->22935 22934 7ffe132329ef 22933->22934 22933->22935 22937 7ffe13232a16 memset 22934->22937 22936 7ffe1323794a 22935->22936 22939 7ffe1323796d _Py_Dealloc 22936->22939 22937->22936 22938 7ffe13232a3c 22937->22938 22938->22936 22938->22939 22940 7ffe13232c78 22938->22940 22941 7ffe1323797b 22938->22941 22942 7ffe13232a77 PyObject_CallOneArg 22938->22942 22962 7ffe13232ad3 22938->22962 22993 7ffe13232c90 13 API calls 22938->22993 22939->22941 22996 7ffe13232c90 13 API calls 22940->22996 22997 7ffe1323d4a0 18 API calls 22941->22997 22942->22938 22942->22941 22946 7ffe13237997 22946->22911 22947 7ffe13232bea 22948 7ffe13232c00 22947->22948 22949 7ffe132379ba 22947->22949 22956 7ffe13232c1b 22947->22956 22950 7ffe132379ce 22948->22950 22951 7ffe13232c09 22948->22951 22952 7ffe132379c1 22949->22952 22953 7ffe132379e3 PyLong_FromLong 22949->22953 22950->22953 22954 7ffe132379d5 PyErr_SetFromWindowsErr 22950->22954 22994 7ffe13232600 13 API calls 22951->22994 22998 7ffe1323d0a8 21 API calls 22952->22998 22953->22956 22954->22956 22957 7ffe13232c46 22956->22957 22961 7ffe13232c36 _Py_Dealloc 22956->22961 22995 7ffe13235930 8 API calls 2 library calls 22957->22995 22960 7ffe13232c55 22960->22911 22961->22956 22962->22947 22963 7ffe132379f1 PyErr_NoMemory 22962->22963 22964 7ffe13232b84 22962->22964 22963->22946 22964->22947 22969 7ffe13233bf0 22964->22969 22966->22903 22967->22922 22968->22910 22970 7ffe13233c3f ffi_prep_cif 22969->22970 22992 7ffe13233d03 22969->22992 22971 7ffe13233c62 22970->22971 22970->22992 22973 7ffe13233d41 PyEval_SaveThread 22971->22973 22974 7ffe13233c7a 22971->22974 22971->22992 22972 7ffe13238731 PyErr_SetString 22972->22992 22973->22974 22976 7ffe1323876b _errno _errno 22974->22976 22977 7ffe13233ca4 ffi_call 22974->22977 22978 7ffe13238796 GetLastError SetLastError 22974->22978 22976->22978 22979 7ffe13233ce9 22977->22979 22980 7ffe132387c1 GetLastError SetLastError 22978->22980 22979->22980 22981 7ffe132387db _errno _errno 22979->22981 22982 7ffe13233d4f PyEval_RestoreThread 22979->22982 22979->22992 22980->22981 22981->22992 22982->22992 22983 7ffe132387ff _Py_Dealloc 22983->22992 22984 7ffe1323880e PySys_Audit 22984->22992 22985 7ffe13233d15 22986 7ffe13233d19 PyErr_Occurred 22985->22986 22987 7ffe13233d24 22985->22987 22986->22987 22987->22947 22988 7ffe132388c6 22989 7ffe1323873c PyErr_SetFromWindowsErr 22989->22992 22990 7ffe13238890 PyErr_Format 22990->22992 22991 7ffe132388a2 PyErr_Format 22991->22992 22992->22972 22992->22976 22992->22983 22992->22984 22992->22985 22992->22988 22992->22989 22992->22990 22992->22991 22999 7ffe1323d5f8 12 API calls 22992->22999 22993->22938 22994->22956 22995->22960 22996->22956 22997->22946 22998->22956 22999->22992 23000 7ffe1323de38 PyDict_GetItemWithError 23001 7ffe1323de69 PyErr_Occurred 23000->23001 23002 7ffe1323de5b PyObject_CallOneArg 23000->23002 23003 7ffe1323dea5 23001->23003 23004 7ffe1323de74 23001->23004 23002->23003 23009 7ffe13232e40 PyDict_GetItemWithError 23004->23009 23006 7ffe1323de7f 23006->23003 23007 7ffe1323de87 PyObject_CallOneArg 23006->23007 23007->23003 23008 7ffe1323de9c _Py_Dealloc 23007->23008 23008->23003 23010 7ffe13232f4f 23009->23010 23011 7ffe13232e5f PyErr_Occurred 23009->23011 23010->23006 23012 7ffe13232f3c 23011->23012 23013 7ffe13232e78 23011->23013 23012->23006 23014 7ffe13232e89 23013->23014 23015 7ffe13237baa PyUnicode_AsUTF8 23013->23015 23017 7ffe13237c97 PyErr_SetString 23014->23017 23019 7ffe13232eaa PyMem_Malloc 23014->23019 23015->23012 23016 7ffe13237bbf PyMem_Malloc 23015->23016 23020 7ffe13237be1 23016->23020 23021 7ffe13237c54 PyErr_NoMemory 23016->23021 23017->23012 23019->23021 23022 7ffe13232ec0 23019->23022 23023 7ffe13233a00 __stdio_common_vsprintf 23020->23023 23021->23012 23038 7ffe13233a00 23022->23038 23025 7ffe13237bf3 PyObject_CallFunction PyMem_Free 23023->23025 23025->23012 23028 7ffe13237c26 PyLong_FromVoidPtr 23025->23028 23026 7ffe13232ed3 PyObject_CallFunction PyMem_Free 23026->23012 23027 7ffe13232f13 23026->23027 23029 7ffe13232f16 PyDict_SetItem 23027->23029 23028->23029 23030 7ffe13237c3b 23028->23030 23032 7ffe13237c60 23029->23032 23033 7ffe13232f32 23029->23033 23030->23012 23031 7ffe13237c45 _Py_Dealloc 23030->23031 23031->23012 23034 7ffe13237c6f 23032->23034 23035 7ffe13237c66 _Py_Dealloc 23032->23035 23033->23012 23036 7ffe13237c88 _Py_Dealloc 23033->23036 23034->23012 23037 7ffe13237c79 _Py_Dealloc 23034->23037 23035->23034 23036->23017 23037->23012 23041 7ffe13233a60 23038->23041 23040 7ffe13233a26 __stdio_common_vsprintf 23040->23026 23041->23040 23042 7ffe11ed21b0 PySys_Audit 23043 7ffe11ed220a 23042->23043 23044 7ffe11ed21d6 GetComputerNameExW 23042->23044 23057 7ffe11ed2280 8 API calls 2 library calls 23043->23057 23045 7ffe11ed323a GetLastError 23044->23045 23046 7ffe11ed21fb PyUnicode_FromWideChar 23044->23046 23048 7ffe11ed3247 PyErr_SetFromWindowsErr 23045->23048 23049 7ffe11ed3255 23045->23049 23046->23043 23048->23043 23051 7ffe11ed326d PyMem_Malloc 23049->23051 23052 7ffe11ed325d PyUnicode_New 23049->23052 23050 7ffe11ed2217 23053 7ffe11ed3286 PyErr_NoMemory 23051->23053 23054 7ffe11ed3290 GetComputerNameExW 23051->23054 23052->23043 23053->23043 23055 7ffe11ed32ba PyUnicode_FromWideChar PyMem_Free 23054->23055 23056 7ffe11ed32aa PyMem_Free PyErr_SetFromWindowsErr 23054->23056 23055->23043 23056->23043 23057->23050 23058 7ffe11ed1060 WSAStartup 23059 7ffe11ed3108 23058->23059 23060 7ffe11ed10b0 Py_AtExit 23058->23060 23061 7ffe11ed313c PyErr_SetString 23059->23061 23068 7ffe11ed311c PyErr_Format 23059->23068 23062 7ffe11ed1159 PyModule_Create2 23060->23062 23063 7ffe11ed10d1 23060->23063 23071 7ffe11ed3162 PyErr_NoMemory 23061->23071 23064 7ffe11ed1185 PyModule_AddObject PyErr_NewException 23062->23064 23067 7ffe11ed216b 23062->23067 23069 7ffe11ed10f0 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 23063->23069 23066 7ffe11ed11cf PyModule_AddObject PyErr_NewException 23064->23066 23064->23067 23066->23067 23070 7ffe11ed120f PyModule_AddObject PyModule_AddObjectRef PyModule_AddObject 23066->23070 23095 7ffe11ed2280 8 API calls 2 library calls 23067->23095 23068->23061 23069->23062 23070->23067 23074 7ffe11ed1268 PyModule_AddObject 23070->23074 23071->23067 23083 7ffe11ed3171 23071->23083 23073 7ffe11ed217d 23074->23067 23075 7ffe11ed128a PyModule_AddObject PyMem_Malloc 23074->23075 23075->23071 23077 7ffe11ed12bb PyCapsule_New 23075->23077 23076 7ffe11ed322a _Py_Dealloc 23076->23067 23078 7ffe11ed130a PyModule_AddObject 23077->23078 23079 7ffe11ed3176 23077->23079 23080 7ffe11ed318c 23078->23080 23081 7ffe11ed1325 150 API calls 23078->23081 23096 7ffe11ed4b80 _Py_Dealloc _Py_Dealloc _Py_Dealloc PyMem_Free 23079->23096 23080->23083 23084 7ffe11ed3191 _Py_Dealloc 23080->23084 23085 7ffe11ed2037 PyLong_FromUnsignedLong 23081->23085 23083->23067 23083->23076 23084->23083 23085->23067 23086 7ffe11ed2048 PyModule_AddObject 23085->23086 23086->23085 23087 7ffe11ed2066 PyModule_AddIntConstant PyModule_AddIntConstant PyModule_AddIntConstant PyModule_AddIntConstant PyModule_GetDict 23086->23087 23087->23083 23088 7ffe11ed20cd VerSetConditionMask VerSetConditionMask VerSetConditionMask 23087->23088 23089 7ffe11ed214a VerifyVersionInfoA 23088->23089 23089->23067 23090 7ffe11ed31a8 PyUnicode_FromString 23089->23090 23090->23083 23091 7ffe11ed31c8 _PyDict_Pop 23090->23091 23092 7ffe11ed31e5 _Py_Dealloc 23091->23092 23093 7ffe11ed31ee 23091->23093 23092->23093 23093->23083 23093->23089 23094 7ffe11ed31fa _Py_Dealloc 23093->23094 23094->23093 23095->23073 23097 7ffe148e42b0 23100 7ffe148e42e0 23097->23100 23101 7ffe148e4334 23100->23101 23104 7ffe148e4395 23100->23104 23102 7ffe148e436b memcpy 23101->23102 23101->23104 23102->23101 23108 7ffe148e4730 GetConsoleScreenBufferInfo 23104->23108 23105 7ffe148e4493 23110 7ffe148e49a0 8 API calls 2 library calls 23105->23110 23107 7ffe148e42c2 23109 7ffe148e478c 23108->23109 23109->23105 23110->23107

                                Executed Functions

                                Function 00007FFE11ED1060 Relevance: 632.7, APIs: 189, Strings: 172, Instructions: 923networkCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 0 7ffe11ed1060-7ffe11ed10aa WSAStartup 1 7ffe11ed3108-7ffe11ed3110 0->1 2 7ffe11ed10b0-7ffe11ed10cb Py_AtExit 0->2 3 7ffe11ed3112-7ffe11ed3115 1->3 4 7ffe11ed3145 1->4 5 7ffe11ed1159-7ffe11ed117f PyModule_Create2 2->5 6 7ffe11ed10d1-7ffe11ed1153 call 7ffe11ed2f5c VerSetConditionMask * 3 VerifyVersionInfoW 2->6 9 7ffe11ed313c-7ffe11ed3143 3->9 10 7ffe11ed3117-7ffe11ed311a 3->10 11 7ffe11ed314c-7ffe11ed315c PyErr_SetString 4->11 7 7ffe11ed1185-7ffe11ed11c9 PyModule_AddObject PyErr_NewException 5->7 8 7ffe11ed219e-7ffe11ed21a0 5->8 6->5 7->8 13 7ffe11ed11cf-7ffe11ed1209 PyModule_AddObject PyErr_NewException 7->13 14 7ffe11ed216e-7ffe11ed219d call 7ffe11ed2280 8->14 9->11 10->4 15 7ffe11ed311c-7ffe11ed3136 PyErr_Format 10->15 18 7ffe11ed3162-7ffe11ed316b PyErr_NoMemory 11->18 13->8 17 7ffe11ed120f-7ffe11ed1262 PyModule_AddObject PyModule_AddObjectRef PyModule_AddObject 13->17 15->9 17->8 21 7ffe11ed1268-7ffe11ed1284 PyModule_AddObject 17->21 18->8 22 7ffe11ed3171 18->22 21->8 23 7ffe11ed128a-7ffe11ed12b5 PyModule_AddObject PyMem_Malloc 21->23 24 7ffe11ed322a-7ffe11ed3234 _Py_Dealloc 22->24 23->18 25 7ffe11ed12bb-7ffe11ed1304 PyCapsule_New 23->25 24->8 26 7ffe11ed130a-7ffe11ed131f PyModule_AddObject 25->26 27 7ffe11ed3176-7ffe11ed3181 call 7ffe11ed4b80 25->27 28 7ffe11ed318c-7ffe11ed318f 26->28 29 7ffe11ed1325-7ffe11ed2034 PyModule_AddIntConstant * 11 PyModule_AddStringConstant * 2 PyModule_AddIntConstant * 137 26->29 27->8 35 7ffe11ed3187 27->35 31 7ffe11ed319a-7ffe11ed319d 28->31 32 7ffe11ed3191-7ffe11ed3194 _Py_Dealloc 28->32 33 7ffe11ed2037-7ffe11ed2042 PyLong_FromUnsignedLong 29->33 31->8 36 7ffe11ed31a3 31->36 32->31 33->8 37 7ffe11ed2048-7ffe11ed2064 PyModule_AddObject 33->37 35->24 36->24 37->33 38 7ffe11ed2066-7ffe11ed20c7 PyModule_AddIntConstant * 4 PyModule_GetDict 37->38 39 7ffe11ed20cd-7ffe11ed2147 VerSetConditionMask * 3 38->39 40 7ffe11ed3220-7ffe11ed3224 38->40 41 7ffe11ed214a-7ffe11ed2165 VerifyVersionInfoA 39->41 40->8 40->24 42 7ffe11ed216b 41->42 43 7ffe11ed31a8-7ffe11ed31c6 PyUnicode_FromString 41->43 42->14 43->40 44 7ffe11ed31c8-7ffe11ed31e3 _PyDict_Pop 43->44 45 7ffe11ed31e5-7ffe11ed31e8 _Py_Dealloc 44->45 46 7ffe11ed31ee-7ffe11ed31f1 44->46 45->46 46->40 47 7ffe11ed31f3-7ffe11ed31f8 46->47 48 7ffe11ed31fa-7ffe11ed31fd _Py_Dealloc 47->48 49 7ffe11ed3203-7ffe11ed3215 47->49 48->49 49->41 50 7ffe11ed321b 49->50 50->40
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Module_$Constant$Object$ConditionMask$Err_$ExceptionInfoStringVerifyVersion$Capsule_Create2DictExitFormatFromLongLong_MallocMem_StartupUnsigned
                                • String ID: 00:00:00:00:00:00$00:00:00:FF:FF:FF$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_DROP_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$IP_TTL$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUTE$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket$socket.gaierror$socket.herror$timeout
                                • API String ID: 2280847565-1299366327
                                • Opcode ID: de31a07a70c23239d4b04c80589f0f0a269b501d95a9cdd44f27bf4122d5a2ac
                                • Instruction ID: 1b376193b7d0ec38927f0983e885fcbea56db152e61e16a8fc97c6e053212eed
                                • Opcode Fuzzy Hash: de31a07a70c23239d4b04c80589f0f0a269b501d95a9cdd44f27bf4122d5a2ac
                                • Instruction Fuzzy Hash: D3A2E268B18F0295EF14DB97EC54A662329BB4ABA1F8470B5CC0E06778DE7DE249C701
                                Function 00007FFE13233BF0 Relevance: 47.4, APIs: 19, Strings: 8, Instructions: 181threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 51 7ffe13233bf0-7ffe13233c39 52 7ffe13233c3f-7ffe13233c5c ffi_prep_cif 51->52 53 7ffe1323870a-7ffe13238711 51->53 54 7ffe13238713 52->54 55 7ffe13233c62-7ffe13233c65 52->55 56 7ffe1323871a-7ffe13238721 53->56 54->56 57 7ffe1323874f-7ffe13238764 call 7ffe1323d5f8 55->57 58 7ffe13233c6b-7ffe13233c74 55->58 59 7ffe13238731-7ffe1323873a PyErr_SetString 56->59 62 7ffe13238745 57->62 69 7ffe13238766 57->69 60 7ffe13233d41-7ffe13233d4a PyEval_SaveThread 58->60 61 7ffe13233c7a-7ffe13233c8e 58->61 59->62 60->61 64 7ffe13233c94-7ffe13233c9e 61->64 65 7ffe1323876b-7ffe13238789 _errno * 2 61->65 62->57 67 7ffe13233ca4-7ffe13233cc5 ffi_call 64->67 68 7ffe13238796-7ffe132387b4 GetLastError SetLastError 64->68 65->68 70 7ffe13233ce9-7ffe13233cf0 67->70 71 7ffe132387c1-7ffe132387d5 GetLastError SetLastError 68->71 69->65 70->71 72 7ffe13233cf6-7ffe13233cf9 70->72 74 7ffe132387db-7ffe132387ed _errno * 2 71->74 73 7ffe13233cff-7ffe13233d01 72->73 72->74 75 7ffe13233d4f-7ffe13233d58 PyEval_RestoreThread 73->75 76 7ffe13233d03-7ffe13233d06 73->76 77 7ffe132387f4-7ffe132387f9 74->77 75->76 76->77 78 7ffe13233d0c-7ffe13233d0f 76->78 77->78 79 7ffe132387ff-7ffe13238809 _Py_Dealloc 77->79 80 7ffe1323880e-7ffe13238827 PySys_Audit 78->80 81 7ffe13233d15-7ffe13233d17 78->81 79->78 80->62 82 7ffe1323882d-7ffe13238834 80->82 83 7ffe13233d19-7ffe13233d22 PyErr_Occurred 81->83 84 7ffe13233d5a-7ffe13233d5c 81->84 86 7ffe132388b4-7ffe132388c0 82->86 87 7ffe13238836 82->87 85 7ffe13233d24-7ffe13233d40 83->85 84->85 88 7ffe132388c6-7ffe132388dc 86->88 89 7ffe1323873c-7ffe1323873f PyErr_SetFromWindowsErr 86->89 90 7ffe13238873-7ffe1323888e 87->90 91 7ffe13238838-7ffe1323883f 87->91 89->62 92 7ffe13238890-7ffe1323889d PyErr_Format 90->92 93 7ffe132388a2-7ffe132388af PyErr_Format 90->93 94 7ffe13238841-7ffe13238848 91->94 95 7ffe13238867 91->95 92->62 93->62 96 7ffe1323884e-7ffe13238855 94->96 97 7ffe13238723 94->97 95->90 96->89 98 7ffe1323885b-7ffe13238862 96->98 99 7ffe1323872a 97->99 98->99 99->59
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$_errno$Eval_FromOccurredSaveStringThreadWindowsffi_callffi_prep_cif
                                • String ID: No ffi_type for result$ctypes.seh_exception$exception: access violation reading %p$exception: access violation writing %p$exception: breakpoint encountered$exception: datatype misalignment$exception: single step$ffi_prep_cif failed
                                • API String ID: 1937973484-2749438402
                                • Opcode ID: 430c0edaa122ef19808d40242a936452debd4f228559f93505334d9254383600
                                • Instruction ID: 4ff9c878f8e276bba5a33de4f0f49d67527411d76219aa50bb534211d7933d54
                                • Opcode Fuzzy Hash: 430c0edaa122ef19808d40242a936452debd4f228559f93505334d9254383600
                                • Instruction Fuzzy Hash: 4C814E76A08E42C9E660AF13E444279A765FBE8BA4F1050B5CA4E277B4DF7CE949C700
                                Function 00007FFE13232E40 Relevance: 38.6, APIs: 17, Strings: 5, Instructions: 127COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 100 7ffe13232e40-7ffe13232e59 PyDict_GetItemWithError 101 7ffe13232f4f-7ffe13232f57 100->101 102 7ffe13232e5f-7ffe13232e72 PyErr_Occurred 100->102 103 7ffe13232f58-7ffe13232f5a 102->103 104 7ffe13232e78-7ffe13232e83 102->104 105 7ffe13232f3f-7ffe13232f4e 103->105 106 7ffe13232e89-7ffe13232e90 104->106 107 7ffe13237baa-7ffe13237bb9 PyUnicode_AsUTF8 104->107 109 7ffe13232e96-7ffe13232e9a 106->109 110 7ffe13237c97-7ffe13237caf PyErr_SetString 106->110 107->103 108 7ffe13237bbf 107->108 111 7ffe13237bc6-7ffe13237bcd 108->111 112 7ffe13232ea1-7ffe13232ea8 109->112 110->103 111->111 113 7ffe13237bcf-7ffe13237bdf PyMem_Malloc 111->113 112->112 114 7ffe13232eaa-7ffe13232eba PyMem_Malloc 112->114 115 7ffe13237be1-7ffe13237c20 call 7ffe13233a00 PyObject_CallFunction PyMem_Free 113->115 116 7ffe13237c54-7ffe13237c5b PyErr_NoMemory 113->116 114->116 117 7ffe13232ec0-7ffe13232f11 call 7ffe13233a00 PyObject_CallFunction PyMem_Free 114->117 115->103 123 7ffe13237c26-7ffe13237c35 PyLong_FromVoidPtr 115->123 116->105 117->103 122 7ffe13232f13 117->122 124 7ffe13232f16-7ffe13232f2c PyDict_SetItem 122->124 123->124 125 7ffe13237c3b-7ffe13237c3f 123->125 127 7ffe13237c60-7ffe13237c64 124->127 128 7ffe13232f32-7ffe13232f36 124->128 125->103 126 7ffe13237c45-7ffe13237c4f _Py_Dealloc 125->126 126->103 129 7ffe13237c6f-7ffe13237c73 127->129 130 7ffe13237c66-7ffe13237c69 _Py_Dealloc 127->130 131 7ffe13237c88-7ffe13237c91 _Py_Dealloc 128->131 132 7ffe13232f3c 128->132 129->103 133 7ffe13237c79-7ffe13237c83 _Py_Dealloc 129->133 130->129 131->110 132->105 133->103
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Mem_$CallDict_Err_FreeFunctionItemMallocObject_$DeallocErrorFromLong_OccurredStringUnicode_VoidWith
                                • String ID: LP_%s$_type_$must be a ctypes type$s(O){sO}$s(O){}
                                • API String ID: 2461613936-2311978994
                                • Opcode ID: dac97228159b1c0431957491c5f87e729db2124b065f25bc7d08890040e0cdb2
                                • Instruction ID: 5dd7e8d5f94ad5405ca00406a90828ae0d47ef8541dec270ae3a24d648e2f708
                                • Opcode Fuzzy Hash: dac97228159b1c0431957491c5f87e729db2124b065f25bc7d08890040e0cdb2
                                • Instruction Fuzzy Hash: BE513E20A09F47C9FE50AB17E944178A7A4AFEABB0F1446B1D91E277B0DE3CE485C300
                                Function 00007FFE132326C0 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 191COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 134 7ffe132326c0-7ffe132326f7 call 7ffe13232870 137 7ffe13232831 134->137 138 7ffe132326fd-7ffe13232704 134->138 139 7ffe1323283d 137->139 138->139 140 7ffe1323270a-7ffe13232714 138->140 143 7ffe13232849 139->143 141 7ffe13232716 140->141 142 7ffe1323271d-7ffe13232724 140->142 141->142 142->143 144 7ffe1323272a-7ffe13232744 142->144 148 7ffe13232855-7ffe13232858 143->148 145 7ffe132373ca-7ffe132373e0 PyTuple_GetItem 144->145 146 7ffe1323274a-7ffe13232787 call 7ffe132328f0 144->146 149 7ffe1323744f-7ffe13237460 call 7ffe13233d98 145->149 150 7ffe132373e2-7ffe132373e9 145->150 156 7ffe13237448-7ffe1323744a 146->156 157 7ffe1323278d-7ffe13232790 146->157 152 7ffe1323285e-7ffe132374e2 148->152 153 7ffe132327b6-7ffe132327e3 call 7ffe13232980 148->153 165 7ffe13237480-7ffe1323748f 149->165 166 7ffe13237462-7ffe13237479 PyErr_SetString 149->166 154 7ffe132373f2-7ffe13237402 PyErr_SetString 150->154 163 7ffe132374f4-7ffe132374fb 152->163 164 7ffe132374e4-7ffe132374ed _Py_Dealloc 152->164 162 7ffe132327e8-7ffe132327ee 153->162 154->156 157->153 161 7ffe13232792-7ffe132327a7 157->161 161->148 169 7ffe132327ad-7ffe132327b0 161->169 170 7ffe132327f0-7ffe132327f3 162->170 171 7ffe132327f9-7ffe13232814 call 7ffe13232894 162->171 172 7ffe1323741b-7ffe13237442 PyErr_Format 163->172 164->163 167 7ffe13237491-7ffe1323749c 165->167 168 7ffe132374c3-7ffe132374ca 165->168 166->165 167->168 173 7ffe1323749e-7ffe132374a4 167->173 168->154 169->153 174 7ffe132374cf-7ffe132374d3 169->174 170->171 175 7ffe13237500-7ffe13237521 PyObject_CallFunctionObjArgs 170->175 181 7ffe13232819-7ffe13232830 171->181 172->156 177 7ffe132374aa-7ffe132374b9 173->177 178 7ffe132373eb 173->178 179 7ffe13237414 174->179 180 7ffe132374d9 _Py_Dealloc 174->180 182 7ffe13237541-7ffe13237545 175->182 183 7ffe13237523-7ffe13237526 175->183 177->168 178->154 179->172 180->179 184 7ffe13237550-7ffe13237554 182->184 185 7ffe13237547-7ffe1323754a _Py_Dealloc 182->185 183->182 187 7ffe13237528-7ffe1323752c 183->187 188 7ffe1323755f-7ffe13237562 184->188 189 7ffe13237556-7ffe13237559 _Py_Dealloc 184->189 185->184 187->171 190 7ffe13237532-7ffe1323753c _Py_Dealloc 187->190 188->181 189->188 190->171
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID: COM method call without VTable$Expected a COM this pointer as first argument$NULL COM pointer access$native com method call without 'this' parameter$this function takes %d argument%s (%d given)$this function takes at least %d argument%s (%d given)
                                • API String ID: 0-1981512665
                                • Opcode ID: f07b7bceabcce526c4a62d906a5ec0dd6d9bc262e596e910abc21d3a49bdda52
                                • Instruction ID: c11a9eb7daf711134e3e878a6643151d494bb6610ab808c3d83b385cc004d3b5
                                • Opcode Fuzzy Hash: f07b7bceabcce526c4a62d906a5ec0dd6d9bc262e596e910abc21d3a49bdda52
                                • Instruction Fuzzy Hash: DC913B26A09F42C9EA64EB27E440279A7B0FBE9BA4F044475DE8D277A4DF3CE445C700
                                Function 00007FFE11ED21B0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 72COMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: From$AuditCharComputerErr_ErrorLastNameSys_Unicode_WideWindows
                                • String ID: socket.gethostname
                                • API String ID: 1075394898-2650736202
                                • Opcode ID: 7298ead834648a7f4bc6c3e3640df6640e6ed5735f611ada6b462331e5912f76
                                • Instruction ID: 001adb9ffdc0f90eefac3e2f4e0fd2462d4a99647b6f938d91e3348f1681aa70
                                • Opcode Fuzzy Hash: 7298ead834648a7f4bc6c3e3640df6640e6ed5735f611ada6b462331e5912f76
                                • Instruction Fuzzy Hash: 53313E61A0CE4382EF249BE3AC1467B63A9FF88FB5F4460B5D64E46A74DF3CE4048600
                                Function 00007FFE13232980 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 249COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 208 7ffe13232980-7ffe132329dc 209 7ffe1323791e 208->209 210 7ffe132329e2-7ffe132329e9 208->210 212 7ffe13237926-7ffe13237943 PyErr_Format 209->212 211 7ffe132329ef-7ffe13232a08 210->211 210->212 213 7ffe13232a0d-7ffe13232a36 call 7ffe132366f0 memset 211->213 214 7ffe13232a0a 211->214 216 7ffe1323794a 212->216 213->216 218 7ffe13232a3c-7ffe13232a47 213->218 214->213 219 7ffe13237952-7ffe13237964 216->219 218->219 220 7ffe13232a4d-7ffe13232a56 218->220 223 7ffe1323796d-7ffe13237973 _Py_Dealloc 219->223 221 7ffe13232ad3-7ffe13232ae1 220->221 222 7ffe13232a58-7ffe13232a62 220->222 225 7ffe13237999 221->225 226 7ffe13232ae7-7ffe13232af9 call 7ffe13232d8c 221->226 224 7ffe13232a65-7ffe13232a68 222->224 229 7ffe1323797b-7ffe1323797f 223->229 227 7ffe13232a6e-7ffe13232a71 224->227 228 7ffe13232c78-7ffe13232c87 call 7ffe13232c90 224->228 234 7ffe132379a5 225->234 240 7ffe13232b00-7ffe13232b11 226->240 241 7ffe13232afb 226->241 227->228 231 7ffe13232a77-7ffe13232a8b PyObject_CallOneArg 227->231 250 7ffe13232c8c-7ffe13232c8e 228->250 232 7ffe13237984-7ffe13237997 call 7ffe1323d4a0 229->232 236 7ffe13237981 231->236 237 7ffe13232a91-7ffe13232aaa call 7ffe13232c90 231->237 249 7ffe132379f7-7ffe132379fb 232->249 246 7ffe132379ad-7ffe132379b4 234->246 236->232 237->223 254 7ffe13232ab0-7ffe13232ab3 237->254 242 7ffe13232b13 240->242 243 7ffe13232b16-7ffe13232b36 call 7ffe132366f0 240->243 241->240 242->243 261 7ffe13232b38 243->261 262 7ffe13232b3b-7ffe13232b53 call 7ffe132366f0 243->262 251 7ffe13232c00-7ffe13232c03 246->251 252 7ffe132379ba-7ffe132379bf 246->252 257 7ffe13232c1e-7ffe13232c21 250->257 255 7ffe132379ce-7ffe132379d3 251->255 256 7ffe13232c09-7ffe13232c1b call 7ffe13232600 251->256 258 7ffe132379c1-7ffe132379c9 call 7ffe1323d0a8 252->258 259 7ffe132379e3-7ffe132379ec PyLong_FromLong 252->259 254->229 263 7ffe13232ab9-7ffe13232acb 254->263 255->259 260 7ffe132379d5-7ffe132379de PyErr_SetFromWindowsErr 255->260 256->257 265 7ffe13232c23 257->265 266 7ffe13232c46-7ffe13232c77 call 7ffe13235930 257->266 258->257 259->257 260->257 261->262 278 7ffe13232b55 262->278 279 7ffe13232b58-7ffe13232b6c call 7ffe132366f0 262->279 263->221 270 7ffe13232acd-7ffe13232ad1 263->270 272 7ffe13232c28-7ffe13232c2e 265->272 270->224 276 7ffe13232c30-7ffe13232c34 272->276 277 7ffe13232c3c-7ffe13232c44 272->277 276->277 280 7ffe13232c36 _Py_Dealloc 276->280 277->266 277->272 278->279 283 7ffe132379f1 PyErr_NoMemory 279->283 284 7ffe13232b72-7ffe13232b75 279->284 280->277 283->249 284->283 285 7ffe13232b7b-7ffe13232b7e 284->285 285->283 286 7ffe13232b84-7ffe13232b8b 285->286 287 7ffe13232bc5-7ffe13232be5 call 7ffe13233bf0 286->287 288 7ffe13232b8d-7ffe13232b9b 286->288 292 7ffe13232bea-7ffe13232bed 287->292 289 7ffe13232b9e-7ffe13232bab 288->289 289->234 291 7ffe13232bb1-7ffe13232bc3 289->291 291->287 291->289 292->250 293 7ffe13232bf3-7ffe13232bfa 292->293 293->246 293->251
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CallDeallocErr_FormatObject_memset
                                • String ID: argument %zd: $too many arguments (%zi), maximum is %i
                                • API String ID: 1791410686-4072972272
                                • Opcode ID: 4740f729d07df1b72c89f8ee573bc102a3c799c06bb822e8bf3e008f4163d2c1
                                • Instruction ID: 538a4601143ff4f6b810889eb43038dd3967444bd79d31995d8d3d7293a7dd91
                                • Opcode Fuzzy Hash: 4740f729d07df1b72c89f8ee573bc102a3c799c06bb822e8bf3e008f4163d2c1
                                • Instruction Fuzzy Hash: E4B18162A08F8289EA60AF27D4402B9A360FFA9BF4F544671DA5D677E4DF3CE541C300
                                Function 00007FFE13232FC0 Relevance: 13.7, APIs: 9, Instructions: 155COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 294 7ffe13232fc0-7ffe13232ff5 PyTuple_GetItem 295 7ffe132331c6-7ffe132331c8 294->295 296 7ffe13232ffb-7ffe13233021 294->296 299 7ffe132331ad-7ffe132331c5 295->299 297 7ffe13233034-7ffe13233049 _PyObject_MakeTpCall 296->297 298 7ffe13233023-7ffe1323302e 296->298 301 7ffe1323304f-7ffe13233055 297->301 298->297 300 7ffe13237cec-7ffe13237d0d _Py_CheckFunctionResult 298->300 300->301 301->295 302 7ffe1323305b-7ffe13233071 301->302 303 7ffe13237d12-7ffe13237d21 call 7ffe13234a48 302->303 304 7ffe13233077-7ffe13233080 302->304 308 7ffe13237d27 303->308 307 7ffe13233086-7ffe13233088 304->307 304->308 310 7ffe1323308a-7ffe13233094 307->310 311 7ffe1323309b-7ffe132330f2 _PyDict_GetItemIdWithError 307->311 312 7ffe13237d2e-7ffe13237d46 call 7ffe132324a0 308->312 310->307 313 7ffe13233096 310->313 314 7ffe13237d6e-7ffe13237d77 PyErr_Occurred 311->314 315 7ffe132330f8-7ffe13233106 call 7ffe13232f60 311->315 326 7ffe13237d4c-7ffe13237d4f _Py_Dealloc 312->326 313->308 318 7ffe13237d55-7ffe13237d59 314->318 319 7ffe13237d79 314->319 315->318 323 7ffe1323310c-7ffe13233133 call 7ffe132331d0 315->323 318->295 321 7ffe13237d5f-7ffe13237d69 _Py_Dealloc 318->321 324 7ffe13237d7e-7ffe13237d82 319->324 321->295 323->312 329 7ffe13233139-7ffe1323314f call 7ffe13233a70 323->329 324->318 325 7ffe13237d84 324->325 325->326 326->318 329->318 332 7ffe13233155-7ffe13233162 329->332 333 7ffe1323316b-7ffe13233171 332->333 333->318 334 7ffe13233177-7ffe1323318a PyDict_Update 333->334 334->324 335 7ffe13233190-7ffe132331a2 334->335 336 7ffe132331a4 _Py_Dealloc 335->336 337 7ffe132331aa 335->337 336->337 337->299
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dict_Item$CallCheckDeallocErrorFunctionMakeObject_ResultTuple_UpdateWith
                                • String ID:
                                • API String ID: 1807771726-0
                                • Opcode ID: 42a6a9498eb4336f8fb7f7e14a875b7f35efea189098be1472c8111e8b538fde
                                • Instruction ID: 5c9d241a8e2c663680bee987673007f0f8e7ca8053b52368845e29d736ef6ec9
                                • Opcode Fuzzy Hash: 42a6a9498eb4336f8fb7f7e14a875b7f35efea189098be1472c8111e8b538fde
                                • Instruction Fuzzy Hash: ED615421A08F4689FA54AB27A944379A7A0BFE9BB4F044075DE4D277B5DF3CE195C300
                                Function 00007FFE148E4730 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 338 7ffe148e4730-7ffe148e4786 GetConsoleScreenBufferInfo 339 7ffe148e478c 338->339 340 7ffe148e4828-7ffe148e482e call 7ffe148e5698 338->340 339->340
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: BufferConsoleInfoScreen
                                • String ID:
                                • API String ID: 3437242342-0
                                • Opcode ID: d0030d7d39ed1f1285109f3f3c4a92fc536e9fee5458ecd4838dc556b7ba0fb5
                                • Instruction ID: 78ea90a76b9f2e9161044804ee226d490219f8357c16d87d6016a8b7e211c75d
                                • Opcode Fuzzy Hash: d0030d7d39ed1f1285109f3f3c4a92fc536e9fee5458ecd4838dc556b7ba0fb5
                                • Instruction Fuzzy Hash: 29F01DB2508F45C9C702CF5AE45009DB724F756BD5F418A22EE8D63B29CF38C055CB50
                                Function 00007FFE148E42E0 Relevance: 1.4, APIs: 1, Instructions: 138COMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: memcpy
                                • String ID:
                                • API String ID: 3510742995-0
                                • Opcode ID: b007cc5a7efe170316438a21b032e88e071ebebb1f436b5cacc6e359ddb69198
                                • Instruction ID: 8b0becd7bc32e01ef9077e9173146ae9a1d557fb18be035d7b3935749b4477a6
                                • Opcode Fuzzy Hash: b007cc5a7efe170316438a21b032e88e071ebebb1f436b5cacc6e359ddb69198
                                • Instruction Fuzzy Hash: A5518F72B05F8585DB10CF2AD4845A8B364FB4AFB8B558272EE2C177A5DF38D859C340

                                Non-executed Functions

                                Function 00007FFE13233200 Relevance: 123.2, APIs: 60, Strings: 10, Instructions: 724COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Mem_$Err_$DeallocFree$AttrMallocObject_Sequence_$Arg_ExceptionItemLookupMatchesParseTuplememset$SizeStringmemcpy$Long_MemoryOccurredSubtypeTuple_Type_Unicode_
                                • String ID: %s:%s:$'_fields_' must be a sequence of (name, C type) pairs$'_fields_' must be a sequence of pairs$Structure or union cannot contain itself$UO|i$_fields_ is final$_pack_ must be a non-negative integer$bit fields not allowed for type %s$ctypes state is not initialized$second item in _fields_ tuple (index %zd) must be a C type
                                • API String ID: 1728738171-3134808266
                                • Opcode ID: a37ccca1d3dc2142cd12f207774ec85a0b55c62378e172e046d47a75441dc925
                                • Instruction ID: e76951f561d1b0f82bae402537cc920d069e4f0b3f9c3b2f47b76ac30eb38746
                                • Opcode Fuzzy Hash: a37ccca1d3dc2142cd12f207774ec85a0b55c62378e172e046d47a75441dc925
                                • Instruction Fuzzy Hash: AF725A72B09F42C9EB54EB66D4442BCA7A4BBA8BA8F404175CE0D677A4DF3CE549C340
                                Function 00007FFE13307778 Relevance: 84.9, APIs: 33, Strings: 15, Instructions: 913COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
                                • API String ID: 2943138195-2884338863
                                • Opcode ID: abb66a51bdc0ab0d891b91b71ed79c768c922fbde50ea62fc9132ceea67d59e6
                                • Instruction ID: 4cf85f3bfaf1c6c0a5d54a2c9347c4b539022d55d3a0cb2d885e00f1253c716d
                                • Opcode Fuzzy Hash: abb66a51bdc0ab0d891b91b71ed79c768c922fbde50ea62fc9132ceea67d59e6
                                • Instruction Fuzzy Hash: 8392D732918F828AEB01CF25E4802BEB7A0FB94364F501175FA9D67AA9DF7CD544CB44
                                Function 00007FFE13309620 Relevance: 49.6, APIs: 25, Strings: 3, Instructions: 569COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID: && $const $volatile
                                • API String ID: 2943138195-2785535105
                                • Opcode ID: c707641601cb37ca133bf416ee8f56f947e4357e0a25fabddaaea8f1e7a2edbd
                                • Instruction ID: 2ad71eec2691cab8c6901c300b4aad67f3bd01f7d4ad529ef356b6a30a931688
                                • Opcode Fuzzy Hash: c707641601cb37ca133bf416ee8f56f947e4357e0a25fabddaaea8f1e7a2edbd
                                • Instruction Fuzzy Hash: 8452BE7291CE818AE711CB16E4402AEB7A0FBA4764F504171EA9D27BB9DF3CD941CB44
                                Function 00007FFE13213E60 Relevance: 38.6, APIs: 12, Strings: 9, Instructions: 1834COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: memset$__acrt_iob_func
                                • String ID: main sort initialise ...$ %d in block, %d after MTF & 1-2 coding, %d+2 syms in use$ bytes: mapping %d, $ initial group %d, [%d .. %d], has %d syms (%4.1f%%)$ pass %d: size is %d, grp uses are $%d $code lengths %d, $codes %d$selectors %d,
                                • API String ID: 2663462942-2293634542
                                • Opcode ID: 6925f0df74a4401e63055fc6510ef7da51d45170c56e2179dc91cbf07156659b
                                • Instruction ID: 3760d1ef0d36d01e22186eeb9e27fa871ec02c471a5ecf07b7c5a13b5ba4e9a4
                                • Opcode Fuzzy Hash: 6925f0df74a4401e63055fc6510ef7da51d45170c56e2179dc91cbf07156659b
                                • Instruction Fuzzy Hash: 9A23CE726186D08BD720DF1AE0497ED7764FB99B98F440226EF89537AADB3CE451CB00
                                Function 00007FFE13211000 Relevance: 20.0, APIs: 6, Strings: 5, Instructions: 738COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: __acrt_iob_funcmemset
                                • String ID: bucket sorting ...$ depth %6d has $ reconstructing block ...$ %d work, %d block, ratio %5.2f$%6d unresolved strings
                                • API String ID: 3274466043-3557197531
                                • Opcode ID: 26f5d32b2c9aafe1b17e3fe9207a6d98d97c54b584e5d10911ff5591f675602b
                                • Instruction ID: aa655acbb120de76b5dec4cce7afe2e43e394cb7eb4ab02156500f012876c74e
                                • Opcode Fuzzy Hash: 26f5d32b2c9aafe1b17e3fe9207a6d98d97c54b584e5d10911ff5591f675602b
                                • Instruction Fuzzy Hash: 2562E073B24B848ADB15CF1DD580AAD33A4F7A9744F969229D70E8B396EB3DE104C700
                                Function 00007FFE132160C0 Relevance: 16.4, APIs: 4, Strings: 5, Instructions: 655COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: __acrt_iob_func
                                • String ID: %d pointers, %d sorted, %d scanned$ bucket sorting ...$ main sort initialise ...$ qsort [0x%x, 0x%x] done %d this %d$VUUU
                                • API String ID: 711238415-771725242
                                • Opcode ID: b7eaa103dd87db888a045f72fc8bb6347d9082154f2cfdbcc880b18ed42f9ebc
                                • Instruction ID: 0617f4a2a04de45590868df11c211e88ad0abf12f3ec7a13f835f7f6dc0f1990
                                • Opcode Fuzzy Hash: b7eaa103dd87db888a045f72fc8bb6347d9082154f2cfdbcc880b18ed42f9ebc
                                • Instruction Fuzzy Hash: 345203776186C18BD324EF2991006BE7FB0FBA6759F048265DB8A53756CB3CE608CB11
                                Function 00007FFE11ED2BC0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                • String ID:
                                • API String ID: 313767242-0
                                • Opcode ID: be945e1872453a46079eb03b3ba9076c6fe97ae394edff2aba9fdbd75b39c04d
                                • Instruction ID: a5963dbf587d5a9cb67c507f776c4c950e60bcd7e4caa2fbda9912fb1a669d45
                                • Opcode Fuzzy Hash: be945e1872453a46079eb03b3ba9076c6fe97ae394edff2aba9fdbd75b39c04d
                                • Instruction Fuzzy Hash: C0315272609F8289EB609FA1E8407EE7364FB84764F445479DA4E47BA4DF3CD548C710
                                Function 00007FFE13236254 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                • String ID:
                                • API String ID: 313767242-0
                                • Opcode ID: ea38b9b02c827df44fb5011cb61d735aee822b3a281d6ad786fd76dbeb1e9228
                                • Instruction ID: d7a5e48cf52fc7e185dd345025a5eef517347f6747a577314c63bd960c9403c3
                                • Opcode Fuzzy Hash: ea38b9b02c827df44fb5011cb61d735aee822b3a281d6ad786fd76dbeb1e9228
                                • Instruction Fuzzy Hash: F2314D72609F818AEB70AF61E8803EDB364FB98764F444439DA4D57AA9DF3CD548C710
                                Function 00007FFE148E52F0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                • String ID:
                                • API String ID: 313767242-0
                                • Opcode ID: 40d573c0dd21a065d9b81eb5e40468c529eab132bf55f054c2ad9a992b3fa41a
                                • Instruction ID: dd71285512c1114eae655e232249f836cad89b17f716c6dec6b180ac4a15de3f
                                • Opcode Fuzzy Hash: 40d573c0dd21a065d9b81eb5e40468c529eab132bf55f054c2ad9a992b3fa41a
                                • Instruction Fuzzy Hash: 5B316072609E8185EB609F61E8803EDB360FB85758F404439EA4E67BA5EF3CD64CC710
                                Function 00007FFE12E123A0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918791017.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                • Associated: 00000002.00000002.2918770170.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918811061.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918832818.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918854151.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe12e10000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                • String ID:
                                • API String ID: 313767242-0
                                • Opcode ID: e71ef626330f91d489a9d8d6ed023793e1fd82bebd9390868df85003a98197a4
                                • Instruction ID: ca2311cfb8261849c7010abf147daf3a1664873f235a21664109ebe21f441b98
                                • Opcode Fuzzy Hash: e71ef626330f91d489a9d8d6ed023793e1fd82bebd9390868df85003a98197a4
                                • Instruction Fuzzy Hash: 87314C72A08F9186EB618F61EC403EE73A0FB84754F44443ADA4E47AA8DF78D648D711
                                Function 00007FFE1321AAD8 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                • String ID:
                                • API String ID: 313767242-0
                                • Opcode ID: a7a0b375acf53c908aaa84b1677749aa5f730714d3c2174efe7977e719f92665
                                • Instruction ID: 0bbf1417aa3ddd2100f90951bb8f75a49858f7bf046d2ee4787d5b515209dfb6
                                • Opcode Fuzzy Hash: a7a0b375acf53c908aaa84b1677749aa5f730714d3c2174efe7977e719f92665
                                • Instruction Fuzzy Hash: 5F316E72608E81CAEB60AF65E9403FD33A0FBA4754F44443ADA4E57AA6DF3CD648C710
                                Function 00007FFE126E3BB0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                • String ID:
                                • API String ID: 313767242-0
                                • Opcode ID: 20b3d6c6e0832c53b5da1da8faa77a9c607007c578d0bea065c04d4a4ef01c4f
                                • Instruction ID: 89282e6af80fdab34038d03e31bddf7f2794064ab905b6c41d365216df436373
                                • Opcode Fuzzy Hash: 20b3d6c6e0832c53b5da1da8faa77a9c607007c578d0bea065c04d4a4ef01c4f
                                • Instruction Fuzzy Hash: FF315972608E818AEB60DF62E8403FD7360FB84754F44457ADA4E47AE8DF78D648C700
                                Function 00007FFE13201AC0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919006594.00007FFE13201000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE13200000, based on PE: true
                                • Associated: 00000002.00000002.2918985157.00007FFE13200000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919028562.00007FFE13203000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919051034.00007FFE13205000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919071014.00007FFE13206000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13200000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                • String ID:
                                • API String ID: 313767242-0
                                • Opcode ID: 39c032ac710924fa7783a0340ae9420989a28a62c06058e897b4d705c1daebf8
                                • Instruction ID: bf6de7bca81ec7b9db6614e8435e4316cb3c3bff8818fdeb81c6c1a418ebf09c
                                • Opcode Fuzzy Hash: 39c032ac710924fa7783a0340ae9420989a28a62c06058e897b4d705c1daebf8
                                • Instruction Fuzzy Hash: C0314B76609E818AEB60AF61E8503EE6365FB94754F504039DB8E67AA8DF38D54CC700
                                Function 00007FFE130C1B00 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918900135.00007FFE130C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                • Associated: 00000002.00000002.2918879267.00007FFE130C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918921952.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918942177.00007FFE130C5000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918963738.00007FFE130C6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe130c0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                • String ID:
                                • API String ID: 313767242-0
                                • Opcode ID: 491c6c3a996b181e7d4f6ff731a66c8976c72585f48119a1a83f76a26148e78e
                                • Instruction ID: 5c9fa5b3ca02b78fbdec2e7d926b6a2f48967bb0f62326b8ae28baca8814fbcc
                                • Opcode Fuzzy Hash: 491c6c3a996b181e7d4f6ff731a66c8976c72585f48119a1a83f76a26148e78e
                                • Instruction Fuzzy Hash: 4B317072618F818AEB649F61E8903ED33A1FB94754F8444B9DA8D57BA8DF3CD648C700
                                Function 00007FFE11ED45E8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 48threadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$AuditErr_FormatRestoreSaveSys_bind
                                • String ID: bind$socket.bind
                                • API String ID: 1695574521-187351271
                                • Opcode ID: dc24cef773245b4122254bbfd203ff68aadfac931a17838e96712d49baaaed77
                                • Instruction ID: aa1b54dec0c0fce709861a27627dbb45c9185efb91882172b1dc9ec3c3696bb6
                                • Opcode Fuzzy Hash: dc24cef773245b4122254bbfd203ff68aadfac931a17838e96712d49baaaed77
                                • Instruction Fuzzy Hash: 0E110B21608E82C1EB209B93FC407AB7368FF54BA0F442576DA4D47B68DF3CE5458700
                                Function 00007FFE11ED5610 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Arg_ParseRestoreSaveSizeTuple_listen
                                • String ID: |i:listen
                                • API String ID: 3610171639-1087349693
                                • Opcode ID: 2dbeb274d4bae0e2ac5948526fc6aafbd0b7016d98b6296a5ce504e9575d9f50
                                • Instruction ID: 9f7a3d5552112cf4844bae60d5b204532d2fc9a013dc3b691d2e339f26e597a2
                                • Opcode Fuzzy Hash: 2dbeb274d4bae0e2ac5948526fc6aafbd0b7016d98b6296a5ce504e9575d9f50
                                • Instruction Fuzzy Hash: 48016D21A08E4182DB508BA3FD8452B73B5FF88BA0B006075DA4E47728DF3CE4448700
                                Function 00007FFE148E39F0 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 393COMMON
                                Download Yara Rule
                                APIs
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00007FFE148E2A47), ref: 00007FFE148E3F22
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort
                                • String ID: 9
                                • API String ID: 4206212132-2366072709
                                • Opcode ID: 7817f88f83bc592681b090ef1e28ae5cfd0d02ccd6da88ba9a439c6d539cb9c2
                                • Instruction ID: c4036109835f4643eb815bec56006ded4e4cc7f1f9a26057a1206837fa329e75
                                • Opcode Fuzzy Hash: 7817f88f83bc592681b090ef1e28ae5cfd0d02ccd6da88ba9a439c6d539cb9c2
                                • Instruction Fuzzy Hash: 31E11273B09F5182DA58CB02E49467873A5FB42BE0F508279EE1E27794DF38D948C300
                                Function 00007FFE148E1F50 Relevance: 3.5, APIs: 2, Instructions: 537sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNEL32 ref: 00007FFE148E1F9A
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE148E278B
                                  • Part of subcall function 00007FFE148E2E00: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFE148E368D,?,00000001,00000000,00007FFE148E2B10), ref: 00007FFE148E2E4A
                                  • Part of subcall function 00007FFE148E2E00: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFE148E368D,?,00000001,00000000,00007FFE148E2B10), ref: 00007FFE148E2E94
                                  • Part of subcall function 00007FFE148E2E00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00007FFE148E368D,?,00000001,00000000,00007FFE148E2B10), ref: 00007FFE148E2EC2
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Sleepabort$InfoSystem
                                • String ID:
                                • API String ID: 3313544985-0
                                • Opcode ID: 9ffe9586930d3f5b2dce164639f17a0bba570700e0f6ed2249f761e5f028a818
                                • Instruction ID: 06ac3abe01f0cdd2c8b26b3e6526b5b2180da06552349deec5d5638dda38cf50
                                • Opcode Fuzzy Hash: 9ffe9586930d3f5b2dce164639f17a0bba570700e0f6ed2249f761e5f028a818
                                • Instruction Fuzzy Hash: DB329072A19F0289EA54CF16D8D0678B3A5FB06BB4B1406B5EA1D673B0DF3CE499C340
                                Function 00007FFE13212EB0 Relevance: 3.4, APIs: 2, Instructions: 361COMMON
                                Download Yara Rule
                                APIs
                                • memset.VCRUNTIME140(00000000,?,?,00000003,?,00000003,?,00007FFE132155CA), ref: 00007FFE13213009
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: memset
                                • String ID:
                                • API String ID: 2221118986-0
                                • Opcode ID: 5f12307bf6a6bfb759c7c45f282a9fdef77da67de22258e37e5978b8150be02a
                                • Instruction ID: dc1db71e8f043a1857c023c7f63bc1ad890fa785e805ee58c120074624206ea8
                                • Opcode Fuzzy Hash: 5f12307bf6a6bfb759c7c45f282a9fdef77da67de22258e37e5978b8150be02a
                                • Instruction Fuzzy Hash: 02E14632A14B818ED7229F2AD5406B9B754FBA5799F104335EB4D63BA6DB3EE101C700
                                Function 00007FFE148E27A0 Relevance: 3.2, APIs: 2, Instructions: 240sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNEL32 ref: 00007FFE148E27E2
                                  • Part of subcall function 00007FFE148E2E00: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFE148E368D,?,00000001,00000000,00007FFE148E2B10), ref: 00007FFE148E2E4A
                                  • Part of subcall function 00007FFE148E2E00: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFE148E368D,?,00000001,00000000,00007FFE148E2B10), ref: 00007FFE148E2E94
                                  • Part of subcall function 00007FFE148E2E00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00007FFE148E368D,?,00000001,00000000,00007FFE148E2B10), ref: 00007FFE148E2EC2
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE148E29F9
                                  • Part of subcall function 00007FFE148E3670: VirtualAlloc.KERNEL32 ref: 00007FFE148E36E0
                                  • Part of subcall function 00007FFE148E3670: VirtualAlloc.KERNEL32 ref: 00007FFE148E37A1
                                  • Part of subcall function 00007FFE148E3670: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE148E3818
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort$AllocSleepVirtual$InfoSystem
                                • String ID:
                                • API String ID: 2845655223-0
                                • Opcode ID: 42b3670ccabd5650833994723fb08ac83d1a8573b0ab70601d000262a5239506
                                • Instruction ID: 44f61c370ce903102dc145592d2ad8df100ae1ecd4c42c80f53b1a8debffa7c5
                                • Opcode Fuzzy Hash: 42b3670ccabd5650833994723fb08ac83d1a8573b0ab70601d000262a5239506
                                • Instruction Fuzzy Hash: 33A1B432A18F0686EA54DB16E8D0278B291FB467B0F1442B9EA1D673F0DF7CE198D350
                                Function 00007FFE1323F698 Relevance: 3.0, APIs: 2, Instructions: 37memoryCOMMON
                                Download Yara Rule
                                APIs
                                • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1323CE69,?,?,?,?,?,00007FFE13236CC2), ref: 00007FFE1323F6AD
                                • VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1323CE69,?,?,?,?,?,00007FFE13236CC2), ref: 00007FFE1323F6ED
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AllocInfoSystemVirtual
                                • String ID:
                                • API String ID: 3440192736-0
                                • Opcode ID: ae2bbb1afd25eab38f7bbeb6ed7cb2382518c166998b08d0a9dc76584e5d8d8b
                                • Instruction ID: 1c7d482f85d2ce85e765ad667dcb811a8962fccc7cb44a52d145fbd584008926
                                • Opcode Fuzzy Hash: ae2bbb1afd25eab38f7bbeb6ed7cb2382518c166998b08d0a9dc76584e5d8d8b
                                • Instruction Fuzzy Hash: E001AD75F08A02CBFE14DB56B841674A3A0AFEDBA1F044079C88C9B374DE2CE80AC700
                                Function 00007FFE11ED5B24 Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: memsetrecvfrom
                                • String ID:
                                • API String ID: 3853191257-0
                                • Opcode ID: 97d1986fe524ad59cf5a4a977fdc13817b815f6670fd3dfbe17fbf4453ab2534
                                • Instruction ID: 32bbca34b2972010421dba397207d702db795377d2521d0e0c36a2282a4d79f2
                                • Opcode Fuzzy Hash: 97d1986fe524ad59cf5a4a977fdc13817b815f6670fd3dfbe17fbf4453ab2534
                                • Instruction Fuzzy Hash: 01012C76704F4582DB14CF26E44012973B1F748FA8B249235DE6D477A8DE38C891C740
                                Function 00007FFE126D2FF0 Relevance: 2.2, APIs: 1, Instructions: 908COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c019b1ae1ed03d52301067e8968cba23e28786eb852f091c7e809a7f56da2abc
                                • Instruction ID: 19499e76f16857cc2d8b2d9974e7092474d4d82944bdd3f70a8e3e275ad416a6
                                • Opcode Fuzzy Hash: c019b1ae1ed03d52301067e8968cba23e28786eb852f091c7e809a7f56da2abc
                                • Instruction Fuzzy Hash: C592C3B2A185DA8BD728CF26E8447BD77A1F784758F144135DACA47B94DABCE4A0CF00
                                Function 00007FFE148E2ED0 Relevance: 1.8, APIs: 1, Instructions: 288COMMON
                                Download Yara Rule
                                APIs
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00000001,00000000,00007FFE148E2B10), ref: 00007FFE148E32D7
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort
                                • String ID:
                                • API String ID: 4206212132-0
                                • Opcode ID: 975db1027c77e2a47ded01fed634c8d911ab1044d3896bf1aed70c406113ac20
                                • Instruction ID: 0c290bb771f8b01f7d63162393cf5198988c1a92fa949de9bbea071c7e013378
                                • Opcode Fuzzy Hash: 975db1027c77e2a47ded01fed634c8d911ab1044d3896bf1aed70c406113ac20
                                • Instruction Fuzzy Hash: 7FC13773B04F4982DF64CF46D080AA873A4FB15BA4B504679EB5D677A0DF3AE999C300
                                Function 00007FFE148E32E0 Relevance: 1.8, APIs: 1, Instructions: 262COMMON
                                Download Yara Rule
                                APIs
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000001,?,00000000,?,?,?,?,?,00000001,00000000,00007FFE148E2B10), ref: 00007FFE148E3667
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort
                                • String ID:
                                • API String ID: 4206212132-0
                                • Opcode ID: 48c805e5d86360c9c62e957bdda11509c41bfd5a0f65f29f769591aa3970979d
                                • Instruction ID: 3f3dc8e677047812004ca9bc6873cf99d45e9b111b67451434b1d583612a0a1c
                                • Opcode Fuzzy Hash: 48c805e5d86360c9c62e957bdda11509c41bfd5a0f65f29f769591aa3970979d
                                • Instruction Fuzzy Hash: A6B1E072A08F41D2DF14CF1AD480668B3A4FB55BA8F404635EB5E677A4DF38E9A9C340
                                Function 00007FFE148E3F50 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                Download Yara Rule
                                APIs
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00007FFE148E2A17), ref: 00007FFE148E41DF
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort
                                • String ID:
                                • API String ID: 4206212132-0
                                • Opcode ID: 953d82589a8564f53227c4f547311b5923f48a52c300c8bbd1548c5f50c23822
                                • Instruction ID: 60c4aa6eb52124583e56ca5c0d01904d92584733a8621651374bfc686ebf7b12
                                • Opcode Fuzzy Hash: 953d82589a8564f53227c4f547311b5923f48a52c300c8bbd1548c5f50c23822
                                • Instruction Fuzzy Hash: 15711273709F6582DE98CF0AD494628B3A5FB55FE4B014279EA4E53B90DF3AD858C300
                                Function 00007FFE126D1BB0 Relevance: .5, Instructions: 543COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ddb575992fdd5106d4c9cc7d6b8c6f3f2631628f18e8a0618521ee63ed930029
                                • Instruction ID: ddaeefcad675ebaf074b321044794c70d0cc48605b2606fea388ab4dfdb584fc
                                • Opcode Fuzzy Hash: ddb575992fdd5106d4c9cc7d6b8c6f3f2631628f18e8a0618521ee63ed930029
                                • Instruction Fuzzy Hash: 09420472A18A9A8BD710CF16D844BAD77A0F7847A4F214175DA9A437E4CFFDE891CB00
                                Function 00007FFE1321C7D8 Relevance: .5, Instructions: 458COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0b2eb5bebb83f66ce2a2e88810d816ab1975cff3b6718b5751e82143ed5ebc34
                                • Instruction ID: 7064e64cd0685204ec4d2394b3248e0a5840cb97da1f731909abcfd5d1046775
                                • Opcode Fuzzy Hash: 0b2eb5bebb83f66ce2a2e88810d816ab1975cff3b6718b5751e82143ed5ebc34
                                • Instruction Fuzzy Hash: 1112DE77A04A758BEB649F3AC0402BD3BA4F794F58F054236CE49A739ADB78D440CB90
                                Function 00007FFE126D2530 Relevance: .4, Instructions: 431COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6b7ab5ec8d5af4ff0edb13374954eeb6f76981fa607f4cf439f2d09104bf01de
                                • Instruction ID: 30def0c926ba17472c26f8397d01481b6f46a38cf24f994482d66a8591aa4cfa
                                • Opcode Fuzzy Hash: 6b7ab5ec8d5af4ff0edb13374954eeb6f76981fa607f4cf439f2d09104bf01de
                                • Instruction Fuzzy Hash: 1512C172A04A898BD7248F26D8446BC37A0F754BB8F144276DF9A477E9CFB8D851C780
                                Function 00007FFE13213BD0 Relevance: .4, Instructions: 362COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8a39990ca9cfa6d16ca09e9bb3adb60d215468d949c9b251fed608f3d18b74c7
                                • Instruction ID: 202c312a60f8b38ac38c0887a42aa13fae54b8ae9eea703abff327141a2eb6b6
                                • Opcode Fuzzy Hash: 8a39990ca9cfa6d16ca09e9bb3adb60d215468d949c9b251fed608f3d18b74c7
                                • Instruction Fuzzy Hash: 55F1E173A08A958BD794DF06D58497D7BB9FBE4754F218176EB0A63761CB38E802CB00
                                Function 00007FFE126D6EAC Relevance: .2, Instructions: 166COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a8bff3724c6967cc2c618f35b0af43ca66f07cce2ec13a7f4f888691282c3dbb
                                • Instruction ID: 83211d936f35d2b16ad3ff856cccd675f67f6279657c81b56e435e66c11e8109
                                • Opcode Fuzzy Hash: a8bff3724c6967cc2c618f35b0af43ca66f07cce2ec13a7f4f888691282c3dbb
                                • Instruction Fuzzy Hash: AE617072A08E8A8BEB58CF2AD84177833A1FB44764F504175DA4D83BE8DFB8E851C741
                                Function 00007FFE126D12B0 Relevance: .1, Instructions: 135COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 25bab637c6722f1a34823982c0edf2f4956e0bcd10ac7bd1d8c8b8698bcb4eaa
                                • Instruction ID: b412000401acfe10c405ecf75b2de88f8e59485687eb01030e647229f55b6e48
                                • Opcode Fuzzy Hash: 25bab637c6722f1a34823982c0edf2f4956e0bcd10ac7bd1d8c8b8698bcb4eaa
                                • Instruction Fuzzy Hash: F0510433B10A958BE704CF29D8547AE37A5F748758F454135EF8A93B80D7B9E852CB40
                                Function 00007FFE126D53A0 Relevance: .1, Instructions: 116COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 406b589db7a962d969b02e12d867f45a6b217c603e15e970e349a0bc956c1fd2
                                • Instruction ID: 6484a6c0979905007926bacd1ffb96556fccec655a71756714d02819a1b3a9b1
                                • Opcode Fuzzy Hash: 406b589db7a962d969b02e12d867f45a6b217c603e15e970e349a0bc956c1fd2
                                • Instruction Fuzzy Hash: D841D473B14A9987E710CB1AF81077DBAA2FB84758F454132DB8A53BA5DA3CE452CB00
                                Function 00007FFE126DF81C Relevance: .1, Instructions: 115COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d8a822b60b847efc8215b8128c20a6ef70635e9790582372f0efe9a7e4dd052b
                                • Instruction ID: 36789ea30e35e0cfa3bc09d63dc0424812e7a7fc7cc160b642506a5801b29a9f
                                • Opcode Fuzzy Hash: d8a822b60b847efc8215b8128c20a6ef70635e9790582372f0efe9a7e4dd052b
                                • Instruction Fuzzy Hash: F63127A2F24A4943EA18C612AC117796AA2F794BE0F194535EE4F43BE4CEBCE1428200
                                Function 00007FFE126D5CE0 Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 40dcf30f5b37c9a3fab5fff378f94a0b865b225fb34ea96b6ffe2c5b6560996e
                                • Instruction ID: 777b2259f01618817c4aa075e6ff622486651a3cdbfcae8db5cd20d04b3eeefc
                                • Opcode Fuzzy Hash: 40dcf30f5b37c9a3fab5fff378f94a0b865b225fb34ea96b6ffe2c5b6560996e
                                • Instruction Fuzzy Hash: 7321B47262C6A447E65A8B26AD142BA7350F7157D9F841225EFDE036D5DA3CFA008710
                                Function 00007FFE126D8D40 Relevance: .1, Instructions: 66COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8d26a27c2706d6cee30b46629bf2c68680ee19fad6e6445a6b1f3b987a350f26
                                • Instruction ID: 604c3a7dcd65edbc1a2995803bf8a764dca92c5a53dcfe9465a1250533a8dc5c
                                • Opcode Fuzzy Hash: 8d26a27c2706d6cee30b46629bf2c68680ee19fad6e6445a6b1f3b987a350f26
                                • Instruction Fuzzy Hash: 29213861B14AAD42EA11CB6368242FA62B0EB55BA1F555232EFED073D4DA7CE9018300
                                Function 00007FFDFB2B1000 Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2916203802.00007FFDFB2B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFB2B0000, based on PE: true
                                • Associated: 00000002.00000002.2916177396.00007FFDFB2B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916322684.00007FFDFB445000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916322684.00007FFDFB45A000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916322684.00007FFDFB46A000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916322684.00007FFDFB473000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916322684.00007FFDFB483000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916322684.00007FFDFB4BE000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916477832.00007FFDFB4E2000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916499593.00007FFDFB4E5000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916522703.00007FFDFB4EA000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                • Associated: 00000002.00000002.2916542543.00007FFDFB4EB000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffdfb2b0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6466f1b71fe6151b2bdc733a94621b8fc217185e625b5eb0366eecccd6047dc1
                                • Instruction ID: fd53ef98275c48376282e3360e56b655aba7ab087ab70e207866c9b6b8d4d8b6
                                • Opcode Fuzzy Hash: 6466f1b71fe6151b2bdc733a94621b8fc217185e625b5eb0366eecccd6047dc1
                                • Instruction Fuzzy Hash: B7F04F41B1A35349FFEE804CDA3AB7121419F007AAE08E834DD5E823E9DD6D6C844660
                                Function 00007FFE12E11430 Relevance: 161.4, APIs: 77, Strings: 15, Instructions: 429COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918791017.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                • Associated: 00000002.00000002.2918770170.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918811061.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918832818.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918854151.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe12e10000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: From$Dealloc$Dict_ItemLongLong_StringUnicode_$Module_$Create2Dict
                                • String ID: MB_ICONASTERISK$MB_ICONEXCLAMATION$MB_ICONHAND$MB_ICONQUESTION$MB_OK$SND_ALIAS$SND_APPLICATION$SND_ASYNC$SND_FILENAME$SND_LOOP$SND_MEMORY$SND_NODEFAULT$SND_NOSTOP$SND_NOWAIT$SND_PURGE
                                • API String ID: 3492407682-1803360715
                                • Opcode ID: 21feae09776c1ca6ace48dbbcec56049f035d779cfda1fee3d679a9559b8202a
                                • Instruction ID: 98011e91ef40a2ed63f9cb2425c6aa555faa55983961621b22a2bc7367ad181f
                                • Opcode Fuzzy Hash: 21feae09776c1ca6ace48dbbcec56049f035d779cfda1fee3d679a9559b8202a
                                • Instruction Fuzzy Hash: BB02CC25F09E4341FE5B5B239D1827A63A16F55BB1F4C40BCC90E0A7B4EFADE905A312
                                Function 00007FFE13235304 Relevance: 124.6, APIs: 52, Strings: 19, Instructions: 370COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 523 7ffe13235304-7ffe13235340 PyModule_AddObjectRef 524 7ffe13235346-7ffe13235349 523->524 525 7ffe1323930c-7ffe1323930f 523->525 526 7ffe1323534f-7ffe13235377 PyModule_AddObjectRef 524->526 527 7ffe1323921c-7ffe13239225 _Py_Dealloc 524->527 528 7ffe13239315-7ffe1323931f _Py_Dealloc 525->528 529 7ffe132357c7-7ffe132357ca 525->529 526->525 530 7ffe1323537d-7ffe13235380 526->530 533 7ffe1323922b-7ffe13239234 _Py_Dealloc 527->533 528->529 531 7ffe132357b7-7ffe132357c6 529->531 532 7ffe13235386-7ffe13235397 PyLong_FromLong 530->532 530->533 532->529 534 7ffe1323539d-7ffe132353bb PyModule_AddObjectRef 532->534 536 7ffe1323923a-7ffe13239243 _Py_Dealloc 533->536 534->525 535 7ffe132353c1-7ffe132353c4 534->535 535->536 537 7ffe132353ca-7ffe132353d8 PyLong_FromLong 535->537 538 7ffe13239249-7ffe13239252 _Py_Dealloc 536->538 537->529 539 7ffe132353de-7ffe132353fc PyModule_AddObjectRef 537->539 541 7ffe13239258-7ffe13239261 _Py_Dealloc 538->541 539->525 540 7ffe13235402-7ffe13235405 539->540 540->538 542 7ffe1323540b-7ffe13235419 PyLong_FromLong 540->542 545 7ffe13239267-7ffe13239270 _Py_Dealloc 541->545 542->529 543 7ffe1323541f-7ffe1323543d PyModule_AddObjectRef 542->543 543->525 544 7ffe13235443-7ffe13235446 543->544 544->541 546 7ffe1323544c-7ffe1323545d PyLong_FromLong 544->546 548 7ffe13239276-7ffe1323927f _Py_Dealloc 545->548 546->529 547 7ffe13235463-7ffe13235481 PyModule_AddObjectRef 546->547 547->525 549 7ffe13235487-7ffe1323548a 547->549 551 7ffe13239285-7ffe1323928e _Py_Dealloc 548->551 549->545 550 7ffe13235490-7ffe132354a1 PyLong_FromLong 549->550 550->529 552 7ffe132354a7-7ffe132354c5 PyModule_AddObjectRef 550->552 554 7ffe13239294-7ffe1323929d _Py_Dealloc 551->554 552->525 553 7ffe132354cb-7ffe132354ce 552->553 553->548 555 7ffe132354d4-7ffe132354e5 PyLong_FromLong 553->555 557 7ffe132392a3-7ffe132392ac _Py_Dealloc 554->557 555->529 556 7ffe132354eb-7ffe13235509 PyModule_AddObjectRef 555->556 556->525 558 7ffe1323550f-7ffe13235512 556->558 560 7ffe132392b2-7ffe132392bb _Py_Dealloc 557->560 558->551 559 7ffe13235518-7ffe1323552b PyUnicode_FromString 558->559 559->529 561 7ffe13235531-7ffe1323554f PyModule_AddObjectRef 559->561 562 7ffe132392c1-7ffe132392ca _Py_Dealloc 560->562 561->525 563 7ffe13235555-7ffe13235558 561->563 565 7ffe132392d0-7ffe132392d9 _Py_Dealloc 562->565 563->554 564 7ffe1323555e-7ffe13235571 PyLong_FromVoidPtr 563->564 564->529 566 7ffe13235577-7ffe13235595 PyModule_AddObjectRef 564->566 569 7ffe132392df-7ffe132392e8 _Py_Dealloc 565->569 566->525 567 7ffe1323559b-7ffe1323559e 566->567 567->557 568 7ffe132355a4-7ffe132355b7 PyLong_FromVoidPtr 567->568 568->529 570 7ffe132355bd-7ffe132355db PyModule_AddObjectRef 568->570 572 7ffe132392ee-7ffe132392f7 _Py_Dealloc 569->572 570->525 571 7ffe132355e1-7ffe132355e4 570->571 571->560 573 7ffe132355ea-7ffe132355fd PyLong_FromVoidPtr 571->573 575 7ffe132392fd-7ffe13239306 _Py_Dealloc 572->575 573->529 574 7ffe13235603-7ffe13235621 PyModule_AddObjectRef 573->574 574->525 576 7ffe13235627-7ffe1323562a 574->576 575->525 576->562 577 7ffe13235630-7ffe13235643 PyLong_FromVoidPtr 576->577 577->529 578 7ffe13235649-7ffe13235667 PyModule_AddObjectRef 577->578 578->525 579 7ffe1323566d-7ffe13235670 578->579 579->565 580 7ffe13235676-7ffe13235689 PyLong_FromVoidPtr 579->580 580->529 581 7ffe1323568f-7ffe132356ad PyModule_AddObjectRef 580->581 581->525 582 7ffe132356b3-7ffe132356b6 581->582 582->569 583 7ffe132356bc-7ffe132356ca PyLong_FromLong 582->583 583->529 584 7ffe132356d0-7ffe132356ee PyModule_AddObjectRef 583->584 584->525 585 7ffe132356f4-7ffe132356f7 584->585 585->572 586 7ffe132356fd-7ffe1323570b PyLong_FromLong 585->586 586->529 587 7ffe13235711-7ffe1323572f PyModule_AddObjectRef 586->587 587->525 588 7ffe13235735-7ffe13235738 587->588 588->575 589 7ffe1323573e-7ffe1323574f PyLong_FromLong 588->589 589->529 590 7ffe13235751-7ffe1323576f PyModule_AddObjectRef 589->590 590->525 591 7ffe13235775-7ffe13235778 590->591 592 7ffe1323577e-7ffe132357a6 PyModule_AddObjectRef 591->592 593 7ffe13239324-7ffe1323932d _Py_Dealloc 591->593 592->525 594 7ffe132357ac-7ffe132357af 592->594 596 7ffe13239333-7ffe1323933c _Py_Dealloc 593->596 595 7ffe132357b5 594->595 594->596 595->531
                                APIs
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323532F
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235366
                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323538B
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132353AA
                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132353CC
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132353EB
                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323540D
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323542C
                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235451
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235470
                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235495
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132354B4
                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132354D9
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132354F8
                                • PyUnicode_FromString.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323551F
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323553E
                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235565
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235584
                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132355AB
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132355CA
                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132355F1
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235610
                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235637
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235656
                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323567D
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323569C
                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132356BE
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132356DD
                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132356FF
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323571E
                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235743
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323575E
                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235795
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323921F
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323922E
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323923D
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323924C
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323925B
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323926A
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13239279
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13239288
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13239297
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132392A6
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132392B5
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132392C4
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132392D3
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132392E2
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132392F1
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13239300
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13239318
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13239327
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13239336
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Module_Object$From$Long_$Long$Void$StringUnicode_
                                • String ID: 1.1.0$ArgumentError$COMError$CTYPES_MAX_ARGCOUNT$FUNCFLAG_CDECL$FUNCFLAG_HRESULT$FUNCFLAG_PYTHONAPI$FUNCFLAG_STDCALL$FUNCFLAG_USE_ERRNO$FUNCFLAG_USE_LASTERROR$RTLD_GLOBAL$RTLD_LOCAL$__version__$_cast_addr$_memmove_addr$_memset_addr$_pointer_type_cache$_string_at_addr$_wstring_at_addr
                                • API String ID: 2895207140-772522829
                                • Opcode ID: b7dbbcc8b36d8762ecc7955ef4353bb7629bcf7eedf864b22fa349bc15453bc1
                                • Instruction ID: 98ad12adf9c2f5c942412f6ae8a626acb844c04e56ad05b2a24dc2e2675a594e
                                • Opcode Fuzzy Hash: b7dbbcc8b36d8762ecc7955ef4353bb7629bcf7eedf864b22fa349bc15453bc1
                                • Instruction Fuzzy Hash: 2BE10C64B0DF42C9FE45EB67D860278A264AFEAFA5B1481B5CD0F667B5DE2CE044C301
                                Function 00007FFE126E2524 Relevance: 73.7, APIs: 12, Strings: 30, Instructions: 229COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1113 7ffe126e2524-7ffe126e2555 PyModule_GetState PyTuple_New 1114 7ffe126e255b-7ffe126e2570 PyModule_AddIntConstant 1113->1114 1115 7ffe126e2900-7ffe126e2903 1113->1115 1114->1115 1117 7ffe126e2576-7ffe126e258c PyModule_AddIntConstant 1114->1117 1116 7ffe126e28eb-7ffe126e28ff 1115->1116 1117->1115 1118 7ffe126e2592-7ffe126e25a8 PyModule_AddIntConstant 1117->1118 1118->1115 1119 7ffe126e25ae-7ffe126e25c4 PyModule_AddIntConstant 1118->1119 1119->1115 1120 7ffe126e25ca-7ffe126e25de call 7ffe126e2908 1119->1120 1120->1115 1123 7ffe126e25e4-7ffe126e25f9 call 7ffe126e2908 1120->1123 1123->1115 1126 7ffe126e25ff-7ffe126e2616 call 7ffe126e2908 1123->1126 1126->1115 1129 7ffe126e261c-7ffe126e2631 call 7ffe126e2908 1126->1129 1129->1115 1132 7ffe126e2637-7ffe126e264c call 7ffe126e2908 1129->1132 1132->1115 1135 7ffe126e2652-7ffe126e2667 call 7ffe126e2908 1132->1135 1135->1115 1138 7ffe126e266d-7ffe126e2688 call 7ffe126e2908 1135->1138 1138->1115 1141 7ffe126e268e-7ffe126e26a3 call 7ffe126e2908 1138->1141 1141->1115 1144 7ffe126e26a9-7ffe126e26be call 7ffe126e2908 1141->1144 1144->1115 1147 7ffe126e26c4-7ffe126e26d8 call 7ffe126e2908 1144->1147 1147->1115 1150 7ffe126e26de-7ffe126e26f3 call 7ffe126e2908 1147->1150 1150->1115 1153 7ffe126e26f9-7ffe126e270e call 7ffe126e2908 1150->1153 1153->1115 1156 7ffe126e2714-7ffe126e2729 call 7ffe126e2908 1153->1156 1156->1115 1159 7ffe126e272f-7ffe126e2744 call 7ffe126e2908 1156->1159 1159->1115 1162 7ffe126e274a-7ffe126e275f call 7ffe126e2908 1159->1162 1162->1115 1165 7ffe126e2765-7ffe126e277a call 7ffe126e2908 1162->1165 1165->1115 1168 7ffe126e2780-7ffe126e2794 call 7ffe126e2908 1165->1168 1168->1115 1171 7ffe126e279a-7ffe126e27af call 7ffe126e2908 1168->1171 1171->1115 1174 7ffe126e27b5-7ffe126e27ca call 7ffe126e2908 1171->1174 1174->1115 1177 7ffe126e27d0-7ffe126e27e5 call 7ffe126e2908 1174->1177 1177->1115 1180 7ffe126e27eb-7ffe126e2800 call 7ffe126e2908 1177->1180 1180->1115 1183 7ffe126e2806-7ffe126e281b call 7ffe126e2908 1180->1183 1183->1115 1186 7ffe126e2821-7ffe126e2836 call 7ffe126e2908 1183->1186 1186->1115 1189 7ffe126e283c-7ffe126e2853 call 7ffe126e2908 1186->1189 1189->1115 1192 7ffe126e2859-7ffe126e287a PyErr_NewExceptionWithDoc 1189->1192 1192->1115 1193 7ffe126e2880-7ffe126e288e PyModule_AddType 1192->1193 1193->1115 1194 7ffe126e2890-7ffe126e28a9 PyType_FromModuleAndSpec 1193->1194 1194->1115 1195 7ffe126e28ab-7ffe126e28b9 PyModule_AddType 1194->1195 1195->1115 1196 7ffe126e28bb-7ffe126e28d5 PyType_FromModuleAndSpec 1195->1196 1196->1115 1197 7ffe126e28d7-7ffe126e28e8 PyModule_AddType 1196->1197 1197->1116
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Module_$Constant$FromType$LongModuleSpecType_$Err_ExceptionLong_ObjectStateTuple_With
                                • String ID: CHECK_CRC32$CHECK_CRC64$CHECK_ID_MAX$CHECK_NONE$CHECK_SHA256$CHECK_UNKNOWN$Call to liblzma failed.$FILTER_ARM$FILTER_ARMTHUMB$FILTER_DELTA$FILTER_IA64$FILTER_LZMA1$FILTER_LZMA2$FILTER_POWERPC$FILTER_SPARC$FILTER_X86$FORMAT_ALONE$FORMAT_AUTO$FORMAT_RAW$FORMAT_XZ$MF_BT2$MF_BT3$MF_BT4$MF_HC3$MF_HC4$MODE_FAST$MODE_NORMAL$PRESET_DEFAULT$PRESET_EXTREME$_lzma.LZMAError
                                • API String ID: 2322464913-730042774
                                • Opcode ID: f5d4c1f6f2c36ff70220e41c2091bf9949348104acd59cff62bf542e9bf1b55a
                                • Instruction ID: 9e26c63d9d8d07301e4720e95773aab179a88da8ccc3bff7b8667d520a87e746
                                • Opcode Fuzzy Hash: f5d4c1f6f2c36ff70220e41c2091bf9949348104acd59cff62bf542e9bf1b55a
                                • Instruction Fuzzy Hash: AEA11961B18E1A99EB10DB23EE409B52357AF54BE4F8060B4CD0D86AF5EFEDF544C620
                                Function 00007FFE13308EE4 Relevance: 58.1, APIs: 4, Strings: 29, Instructions: 382COMMONLIBRARYCODE
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1198 7ffe13308ee4-7ffe13308f15 1199 7ffe133094ab-7ffe133094bd 1198->1199 1200 7ffe13308f1b-7ffe13308f39 1198->1200 1201 7ffe133094c0-7ffe133094c3 call 7ffe133074b4 1199->1201 1202 7ffe13308f3f 1200->1202 1203 7ffe13309054-7ffe13309057 1200->1203 1212 7ffe133094c8-7ffe133094e4 1201->1212 1207 7ffe13309042-7ffe1330904f 1202->1207 1208 7ffe13308f45-7ffe13308f48 1202->1208 1205 7ffe1330908e-7ffe13309095 1203->1205 1206 7ffe13309059-7ffe1330907d call 7ffe1330a4e8 1203->1206 1209 7ffe133090a1-7ffe133090a8 1205->1209 1210 7ffe13309097-7ffe1330909a 1205->1210 1228 7ffe133093ed-7ffe133093f1 1206->1228 1231 7ffe13309083-7ffe13309089 1206->1231 1211 7ffe133093e4-7ffe133093e8 call 7ffe13307014 1207->1211 1214 7ffe13308fc0-7ffe13308fc5 1208->1214 1215 7ffe13308f4a 1208->1215 1216 7ffe133090ae 1209->1216 1217 7ffe133091b8-7ffe133091bb 1209->1217 1210->1209 1211->1228 1219 7ffe13309030-7ffe1330903d 1214->1219 1220 7ffe13308fc7-7ffe13308fca 1214->1220 1222 7ffe13308f78-7ffe13308f85 1215->1222 1223 7ffe13308f4c-7ffe13308f4f 1215->1223 1226 7ffe133090b4-7ffe133090b7 1216->1226 1227 7ffe133091a6-7ffe133091b3 1216->1227 1232 7ffe133091c1 1217->1232 1233 7ffe13309338-7ffe1330933b 1217->1233 1219->1211 1229 7ffe13309003-7ffe1330902b call 7ffe13307538 1220->1229 1230 7ffe13308fcc-7ffe13308fcf 1220->1230 1222->1211 1224 7ffe13308fae-7ffe13308fbb 1223->1224 1225 7ffe13308f51-7ffe13308f54 1223->1225 1224->1211 1225->1224 1236 7ffe13308f56-7ffe13308f59 1225->1236 1239 7ffe1330915f-7ffe13309162 1226->1239 1240 7ffe133090bd 1226->1240 1227->1211 1241 7ffe13309422-7ffe13309429 1228->1241 1242 7ffe133093f3-7ffe133093fa 1228->1242 1229->1228 1244 7ffe13308fd1-7ffe13308fd4 1230->1244 1245 7ffe13308fed-7ffe13308ffe call 7ffe13307014 1230->1245 1231->1212 1234 7ffe13309326-7ffe13309333 1232->1234 1235 7ffe133091c7-7ffe133091ca 1232->1235 1237 7ffe13309341-7ffe13309344 1233->1237 1238 7ffe133093d7 1233->1238 1234->1211 1246 7ffe13309223 1235->1246 1247 7ffe133091cc-7ffe133091cf 1235->1247 1236->1224 1248 7ffe13308f5b-7ffe13308f5e 1236->1248 1250 7ffe1330937f-7ffe133093d5 call 7ffe1330bf20 call 7ffe13307204 call 7ffe133074b4 1237->1250 1251 7ffe13309346-7ffe13309349 1237->1251 1249 7ffe133093de 1238->1249 1254 7ffe13309197-7ffe133091a1 1239->1254 1255 7ffe13309164-7ffe13309167 1239->1255 1253 7ffe133090c3-7ffe133090c6 1240->1253 1240->1254 1259 7ffe13309430-7ffe13309465 call 7ffe13307204 call 7ffe133074b4 1241->1259 1256 7ffe13309412-7ffe13309420 1242->1256 1257 7ffe133093fc-7ffe13309400 1242->1257 1260 7ffe13308fe5-7ffe13308fe8 1244->1260 1261 7ffe13308fd6-7ffe13308fd9 1244->1261 1245->1229 1270 7ffe13309228-7ffe1330923f 1246->1270 1262 7ffe13309211-7ffe1330921e 1247->1262 1263 7ffe133091d1-7ffe133091d4 1247->1263 1264 7ffe13308f60-7ffe13308f63 1248->1264 1265 7ffe13308f9c-7ffe13308fa9 1248->1265 1249->1211 1250->1228 1266 7ffe13309373-7ffe1330937d 1251->1266 1267 7ffe1330934b-7ffe1330934e 1251->1267 1268 7ffe1330914c-7ffe1330915a call 7ffe13307418 1253->1268 1269 7ffe133090cc-7ffe133090cf 1253->1269 1254->1211 1273 7ffe13309188-7ffe13309192 1255->1273 1274 7ffe13309169-7ffe1330916c 1255->1274 1256->1259 1275 7ffe13309402-7ffe1330940a 1257->1275 1276 7ffe13309468-7ffe1330946b 1257->1276 1259->1276 1260->1270 1261->1260 1272 7ffe13308fdb-7ffe13308fde 1261->1272 1262->1211 1280 7ffe13309202-7ffe1330920c 1263->1280 1281 7ffe133091d6-7ffe133091d9 1263->1281 1264->1265 1282 7ffe13308f65-7ffe13308f68 1264->1282 1265->1211 1266->1211 1283 7ffe13309350-7ffe13309353 1267->1283 1284 7ffe13309364-7ffe13309367 1267->1284 1268->1228 1285 7ffe133090d1-7ffe133090d4 1269->1285 1286 7ffe1330910a-7ffe13309147 call 7ffe13308ee4 call 7ffe13307204 1269->1286 1287 7ffe133092a0-7ffe133092a3 1270->1287 1288 7ffe13309241-7ffe13309264 call 7ffe1330c3a4 1270->1288 1272->1260 1290 7ffe13308fe0-7ffe13308fe3 1272->1290 1273->1211 1274->1273 1292 7ffe1330916e-7ffe13309171 1274->1292 1275->1276 1293 7ffe1330940c-7ffe13309410 1275->1293 1278 7ffe1330949c-7ffe133094a9 1276->1278 1279 7ffe1330946d-7ffe13309497 call 7ffe1330866c call 7ffe133074b4 call 7ffe133075b8 1276->1279 1278->1212 1279->1278 1280->1211 1296 7ffe133091f0-7ffe133091fd 1281->1296 1297 7ffe133091db-7ffe133091de 1281->1297 1298 7ffe13308f8a-7ffe13308f97 1282->1298 1299 7ffe13308f6a-7ffe13308f6d 1282->1299 1283->1284 1300 7ffe13309355-7ffe1330935f 1283->1300 1284->1266 1301 7ffe133090d6-7ffe133090d9 1285->1301 1302 7ffe133090f8-7ffe13309105 1285->1302 1286->1201 1306 7ffe133092a5-7ffe133092ad 1287->1306 1307 7ffe1330930b-7ffe13309321 call 7ffe1330c3a4 1287->1307 1326 7ffe13309291-7ffe1330929b 1288->1326 1327 7ffe13309266-7ffe1330928e call 7ffe13307538 1288->1327 1290->1206 1290->1260 1309 7ffe13309173-7ffe13309176 1292->1309 1310 7ffe1330917c-7ffe13309183 1292->1310 1293->1256 1293->1276 1296->1211 1297->1300 1314 7ffe133091e4-7ffe133091eb 1297->1314 1298->1211 1299->1298 1315 7ffe13308f6f-7ffe13308f72 1299->1315 1300->1211 1301->1302 1316 7ffe133090db-7ffe133090de 1301->1316 1302->1211 1320 7ffe133092af-7ffe133092c5 call 7ffe13307014 1306->1320 1321 7ffe133092f1-7ffe133092f3 1306->1321 1307->1212 1309->1300 1309->1310 1310->1249 1314->1249 1315->1206 1315->1222 1324 7ffe133090e0-7ffe133090e3 1316->1324 1325 7ffe133090e9-7ffe133090f3 1316->1325 1320->1307 1341 7ffe133092c7-7ffe133092ef call 7ffe13307538 1320->1341 1321->1307 1331 7ffe133092f5-7ffe13309306 call 7ffe13307014 1321->1331 1324->1300 1324->1325 1325->1211 1326->1212 1327->1326 1331->1307 1341->1307
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                • API String ID: 2943138195-1482988683
                                • Opcode ID: 36e6e2d055789cd29251c4bf9697f6c8a4377c58ea8e1572b96a4f003d2d3a05
                                • Instruction ID: 8bf677716c57e76fa8e44dd299f40135a79721294afaac9255bf5e57bbcb6f55
                                • Opcode Fuzzy Hash: 36e6e2d055789cd29251c4bf9697f6c8a4377c58ea8e1572b96a4f003d2d3a05
                                • Instruction Fuzzy Hash: C0028072E18E128CFB55CB6AD8941BC27B0BB24364F4041B6DA2D76AB9DF3CA544C748
                                Function 00007FFE11ED6660 Relevance: 56.2, APIs: 24, Strings: 8, Instructions: 242threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1344 7ffe11ed6660-7ffe11ed6700 _PyArg_ParseTupleAndKeywords_SizeT 1345 7ffe11ed6706-7ffe11ed6711 1344->1345 1346 7ffe11ed69ee 1344->1346 1347 7ffe11ed6718-7ffe11ed6726 1345->1347 1348 7ffe11ed6713-7ffe11ed6716 1345->1348 1349 7ffe11ed69f0-7ffe11ed6a12 call 7ffe11ed2280 1346->1349 1351 7ffe11ed674a-7ffe11ed674e 1347->1351 1352 7ffe11ed6728-7ffe11ed673e PyUnicode_AsEncodedString 1347->1352 1350 7ffe11ed6761-7ffe11ed6770 1348->1350 1358 7ffe11ed67b8-7ffe11ed67c2 1350->1358 1359 7ffe11ed6772-7ffe11ed6780 PyLong_AsLong 1350->1359 1355 7ffe11ed69d7-7ffe11ed69e8 PyErr_SetString 1351->1355 1356 7ffe11ed6754-7ffe11ed675a PyBytes_AsString 1351->1356 1352->1346 1354 7ffe11ed6744-7ffe11ed6748 1352->1354 1362 7ffe11ed675d 1354->1362 1355->1346 1356->1362 1360 7ffe11ed67e3-7ffe11ed67e7 1358->1360 1361 7ffe11ed67c4-7ffe11ed67d3 PyUnicode_AsUTF8 1358->1361 1363 7ffe11ed6782-7ffe11ed678b PyErr_Occurred 1359->1363 1364 7ffe11ed6791-7ffe11ed67b6 PyOS_snprintf 1359->1364 1367 7ffe11ed67e9-7ffe11ed67ed 1360->1367 1368 7ffe11ed67ef-7ffe11ed67f6 1360->1368 1365 7ffe11ed67d9-7ffe11ed67e1 1361->1365 1366 7ffe11ed69b2-7ffe11ed69b5 1361->1366 1362->1350 1363->1364 1363->1366 1369 7ffe11ed67ff-7ffe11ed682d PySys_Audit 1364->1369 1365->1369 1370 7ffe11ed69c6-7ffe11ed69cd 1366->1370 1371 7ffe11ed69b7-7ffe11ed69bb 1366->1371 1367->1369 1372 7ffe11ed699b-7ffe11ed69ac PyErr_SetString 1368->1372 1373 7ffe11ed67fc 1368->1373 1369->1346 1374 7ffe11ed6833-7ffe11ed6885 PyEval_SaveThread getaddrinfo PyEval_RestoreThread 1369->1374 1370->1346 1376 7ffe11ed69cf-7ffe11ed69d5 freeaddrinfo 1370->1376 1371->1370 1375 7ffe11ed69bd-7ffe11ed69c0 _Py_Dealloc 1371->1375 1372->1366 1373->1369 1377 7ffe11ed6897-7ffe11ed68a5 PyList_New 1374->1377 1378 7ffe11ed6887-7ffe11ed6892 call 7ffe11ed403c 1374->1378 1375->1370 1376->1346 1377->1366 1380 7ffe11ed68ab-7ffe11ed68b2 1377->1380 1378->1366 1382 7ffe11ed68b8-7ffe11ed68cf call 7ffe11ed3ea0 1380->1382 1383 7ffe11ed6954-7ffe11ed6957 1380->1383 1391 7ffe11ed698a-7ffe11ed698e 1382->1391 1392 7ffe11ed68d5-7ffe11ed6910 _Py_BuildValue_SizeT 1382->1392 1384 7ffe11ed6968-7ffe11ed696f 1383->1384 1385 7ffe11ed6959-7ffe11ed695d 1383->1385 1388 7ffe11ed6977-7ffe11ed697a 1384->1388 1389 7ffe11ed6971 freeaddrinfo 1384->1389 1385->1384 1387 7ffe11ed695f-7ffe11ed6962 _Py_Dealloc 1385->1387 1387->1384 1388->1349 1389->1388 1391->1366 1393 7ffe11ed6990-7ffe11ed6999 _Py_Dealloc 1391->1393 1394 7ffe11ed691b-7ffe11ed691e 1392->1394 1395 7ffe11ed6912-7ffe11ed6915 _Py_Dealloc 1392->1395 1393->1366 1394->1391 1396 7ffe11ed6920-7ffe11ed6937 PyList_Append 1394->1396 1395->1394 1397 7ffe11ed697c-7ffe11ed697f 1396->1397 1398 7ffe11ed6939-7ffe11ed693c 1396->1398 1397->1391 1401 7ffe11ed6981-7ffe11ed6984 _Py_Dealloc 1397->1401 1399 7ffe11ed6947-7ffe11ed694e 1398->1399 1400 7ffe11ed693e-7ffe11ed6941 _Py_Dealloc 1398->1400 1399->1382 1399->1383 1400->1399 1401->1391
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Err_String$Eval_List_SizeThreadUnicode_freeaddrinfo$AppendArg_AuditBuildEncodedKeywords_LongLong_OccurredParseRestoreS_snprintfSaveSys_TupleValue_getaddrinfo
                                • String ID: %ld$Int or String expected$OOiii$OO|iiii:getaddrinfo$getaddrinfo() argument 1 must be string or None$idna$iiisO$socket.getaddrinfo
                                • API String ID: 3700949282-3943835681
                                • Opcode ID: ac0e0005ecee2beaaf5895c6605989e7061b2ddcda715d4e868953f6349ae067
                                • Instruction ID: 97f1cb1d345eec24e0bd3db7571317ba9addad432bce969c49a5128ba801310c
                                • Opcode Fuzzy Hash: ac0e0005ecee2beaaf5895c6605989e7061b2ddcda715d4e868953f6349ae067
                                • Instruction Fuzzy Hash: E0B12B32B08E028AEF50CFE6D8505BE23B9AB48BA8B4465B5DE4D57768DF3CE445C740
                                Function 00007FFE13231B80 Relevance: 54.5, APIs: 17, Strings: 14, Instructions: 246COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1402 7ffe13231b80-7ffe13231bc9 _PyArg_ParseTuple_SizeT 1403 7ffe13231bcf-7ffe13231bda 1402->1403 1404 7ffe13231d85-7ffe13231d87 1402->1404 1406 7ffe13231be0-7ffe13231bf1 PySequence_Tuple 1403->1406 1407 7ffe13236d68 1403->1407 1405 7ffe13231d56-7ffe13231d73 1404->1405 1406->1404 1408 7ffe13231bf7-7ffe13231c1d _PyArg_ParseTuple_SizeT 1406->1408 1411 7ffe13236d71-7ffe13236d7a _Py_Dealloc 1407->1411 1409 7ffe13231c23-7ffe13231c53 PySys_Audit 1408->1409 1410 7ffe13236dc9-7ffe13236dd1 1408->1410 1409->1410 1412 7ffe13231c59-7ffe13231c70 PyObject_GetAttrString 1409->1412 1410->1404 1413 7ffe13236dd7 1410->1413 1416 7ffe13236d80-7ffe13236d87 1411->1416 1412->1410 1414 7ffe13231c76-7ffe13231c84 1412->1414 1415 7ffe13236f6f-7ffe13236f76 _Py_Dealloc 1413->1415 1417 7ffe13231c8a-7ffe13231c9a PyLong_AsVoidPtr 1414->1417 1418 7ffe13236f3b-7ffe13236f5a PyErr_SetString 1414->1418 1415->1404 1419 7ffe13236d90-7ffe13236d97 1416->1419 1417->1411 1423 7ffe13231ca0-7ffe13231ca9 PyErr_Occurred 1417->1423 1421 7ffe13236f62-7ffe13236f66 1418->1421 1422 7ffe13236f5c _Py_Dealloc 1418->1422 1420 7ffe13236da7-7ffe13236db0 PyErr_SetString 1419->1420 1420->1410 1421->1404 1424 7ffe13236f6c 1421->1424 1422->1421 1423->1416 1425 7ffe13231caf-7ffe13231cb3 1423->1425 1424->1415 1426 7ffe13231cb6 call 7ffe13231d8c 1425->1426 1427 7ffe13231cbb-7ffe13231cc1 1426->1427 1428 7ffe13231cc7-7ffe13231cd2 call 7ffe132331d0 1427->1428 1429 7ffe13236ddc-7ffe13236df0 1427->1429 1436 7ffe13236e28-7ffe13236e2f 1428->1436 1437 7ffe13231cd8-7ffe13231ce6 1428->1437 1430 7ffe13236e04-7ffe13236e0f PyErr_Format 1429->1430 1431 7ffe13236df2-7ffe13236e02 PyErr_Format 1429->1431 1433 7ffe13236e15-7ffe13236e1d 1430->1433 1431->1433 1433->1404 1435 7ffe13236e23 1433->1435 1435->1415 1438 7ffe13236da0 1436->1438 1439 7ffe13236e34-7ffe13236e37 1437->1439 1440 7ffe13231cec-7ffe13231d00 call 7ffe13232dc0 1437->1440 1438->1420 1439->1440 1441 7ffe13236e3d-7ffe13236e4b 1439->1441 1440->1410 1448 7ffe13231d06-7ffe13231d0d 1440->1448 1443 7ffe13236e51-7ffe13236e59 1441->1443 1444 7ffe13236d99 1441->1444 1446 7ffe13236e5f-7ffe13236e62 1443->1446 1447 7ffe13236d89 1443->1447 1444->1438 1446->1440 1449 7ffe13236e68-7ffe13236e70 1446->1449 1447->1419 1450 7ffe13231d0f-7ffe13231d2c 1448->1450 1451 7ffe13231d74-7ffe13231d7b 1448->1451 1452 7ffe13236e74-7ffe13236ea2 _PyArg_ParseTuple_SizeT 1449->1452 1453 7ffe13231d2e-7ffe13231d42 call 7ffe13233f0c 1450->1453 1454 7ffe13231d7d-7ffe13231d83 _Py_Dealloc 1450->1454 1451->1450 1455 7ffe13236ea4-7ffe13236eaf 1452->1455 1456 7ffe13236f1d-7ffe13236f24 1452->1456 1461 7ffe13231d48-7ffe13231d53 1453->1461 1462 7ffe13236f29-7ffe13236f33 1453->1462 1454->1453 1458 7ffe13236ec1-7ffe13236ecb 1455->1458 1459 7ffe13236eb1-7ffe13236ebf 1455->1459 1456->1438 1463 7ffe13236efc-7ffe13236f12 1458->1463 1464 7ffe13236ecd-7ffe13236ed0 1458->1464 1459->1456 1459->1458 1461->1405 1462->1404 1465 7ffe13236f39 1462->1465 1463->1452 1467 7ffe13236f18 1463->1467 1464->1463 1466 7ffe13236ed2-7ffe13236ed5 1464->1466 1465->1424 1468 7ffe13236ee7-7ffe13236ef6 call 7ffe1323b8b4 1466->1468 1469 7ffe13236ed7-7ffe13236eda 1466->1469 1467->1440 1468->1410 1468->1463 1469->1463 1470 7ffe13236edc-7ffe13236edf 1469->1470 1472 7ffe13236ee5 1470->1472 1473 7ffe13236db2-7ffe13236dc3 PyErr_Format 1470->1473 1472->1463 1473->1410
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Dealloc$Arg_FormatParseSizeStringTuple_$Eval_Thread$AddressAttrAuditLong_Object_OccurredProcRestoreSaveSequence_Sys_TupleVoid
                                • String ID: O&O;illegal func_spec argument$O|O$_handle$abstract class$could not convert the _handle attribute to a pointer$ctypes.dlsym$function '%s' not found$function ordinal %d not found$i|OO$paramflag value %d not supported$paramflags must be a sequence of (int [,string [,value]]) tuples$paramflags must be a tuple or None$paramflags must have the same length as argtypes$the _handle attribute of the second argument must be an integer
                                • API String ID: 1081342661-1557499450
                                • Opcode ID: 81bf86f915efca78798dbd81cfc19dde70ba7face78de59bde1888ce70c5e139
                                • Instruction ID: d0d33bc930a1597c8cf675b773ccb7fc0c0984d7bbd222655429f4b8ae44adda
                                • Opcode Fuzzy Hash: 81bf86f915efca78798dbd81cfc19dde70ba7face78de59bde1888ce70c5e139
                                • Instruction Fuzzy Hash: F4C12D21A09E06C9EB54EB67E8941B8A7B4BBA9BB4F5440B5DD0E277B4DF3CE445C300
                                Function 00007FFE1323C9D0 Relevance: 54.5, APIs: 23, Strings: 8, Instructions: 244COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Err_ErrorLast_errno$State_UnraisableWrite$CheckContainsDict_EnsureFunctionObject_ReleaseResultStringSubtypeType_VectorcallWarnmemcpy
                                • String ID: Parsing argument %zd$cannot build parameter$create argument %zd:$getting _needs_com_addref_$memory leak in callback function.$on calling ctypes callback function$on converting result of ctypes callback function$unexpected result of create argument %zd:
                                • API String ID: 1331253392-2697724128
                                • Opcode ID: 662eda2fa9ad5fa4c0407cff36c88571a43e939dd8943eeb715751b67e50d2ce
                                • Instruction ID: 85f0542810580f71e740886ab8d8df496c5ca8a6025b5caaf8dbeb78b3bd914d
                                • Opcode Fuzzy Hash: 662eda2fa9ad5fa4c0407cff36c88571a43e939dd8943eeb715751b67e50d2ce
                                • Instruction Fuzzy Hash: FFB13722A08E56CAEF54EF27D854178A7A0FBA8BA4F458571DA0E677B4DF3CE444C300
                                Function 00007FFE132341E0 Relevance: 45.7, APIs: 18, Strings: 8, Instructions: 214stringCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Object_$AttrDeallocString$Err_$Format$CallDict_LookupMakeMallocMem_OccurredSizeUnicode_Updatestrchr
                                • String ID: __ctype_be__$__ctype_le__$_type_ '%s' not supported$cbBhHiIlLdfuzZqQPXOv?g$class must define a '_type_' attribute$class must define a '_type_' attribute which must bea single character string containing one of '%s'.$class must define a '_type_' attribute which must be a string of length 1$class must define a '_type_' string attribute
                                • API String ID: 692835343-917751260
                                • Opcode ID: 1cbc2b4066554eb2cebf210fbf6479008959c66222fb09b3e1ad465d8608973f
                                • Instruction ID: b385e0ec0b74552ec51b2a62bae0081fda808f0434c84a8d23dc35cef49fb529
                                • Opcode Fuzzy Hash: 1cbc2b4066554eb2cebf210fbf6479008959c66222fb09b3e1ad465d8608973f
                                • Instruction Fuzzy Hash: 39A14321A09F42C9EA54AF27E850278A7A0EFE9BA4F4484B5DE4D27774DF7CE484C341
                                Function 00007FFE11ED6D30 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 156threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Size$Arg_Err_ParseRestoreSaveStringTuple_$AuditBuildDecodeS_snprintfSys_Unicode_Value_freeaddrinfogetaddrinfogetnameinfohtonl
                                • String ID: $(O)$IPv4 sockaddr must be 2 tuple$Oi:getnameinfo$getnameinfo() argument 1 must be a tuple$getnameinfo(): flowinfo must be 0-1048575.$si|II;getnameinfo(): illegal sockaddr argument$sockaddr resolved to multiple addresses$socket.getnameinfo$surrogatepass
                                • API String ID: 2526741257-243639936
                                • Opcode ID: 32c5094f76eca928cf06a7504f4b0eea5f1d8eabecbe481599927c462cdb4e09
                                • Instruction ID: 224fb612013dc287f2f9cb274837dc30a8e059d28c6b4164e25482c34f6dd5d6
                                • Opcode Fuzzy Hash: 32c5094f76eca928cf06a7504f4b0eea5f1d8eabecbe481599927c462cdb4e09
                                • Instruction Fuzzy Hash: F4813171A08E4286EF108F92E8406AF73B5FB88BA4F5421B6DA4D47678DF7CE545CB40
                                Function 00007FFE11ED500C Relevance: 44.0, APIs: 21, Strings: 4, Instructions: 247threadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_closesocket$ErrorFormatFromHandleInformationLastLong_OccurredStringWindowsgetsocknamegetsockoptmemsetsocket
                                • String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__
                                • API String ID: 2694513709-2881308447
                                • Opcode ID: 0f28178252417c4c6a7bb6d783635ad64b30e11f595e79b0855981a5abd6ae31
                                • Instruction ID: 60b8a6dc5c014d03d90a9a37ac0b29e9fd6afad5d37eb2f24f413bf816f04021
                                • Opcode Fuzzy Hash: 0f28178252417c4c6a7bb6d783635ad64b30e11f595e79b0855981a5abd6ae31
                                • Instruction Fuzzy Hash: A6C18121A18F8182EB208B6ADC4467A73A4FF59BB4F106375DA5D036F5EF3CE5858700
                                Function 00007FFE132346D4 Relevance: 44.0, APIs: 18, Strings: 7, Instructions: 204COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Err_$Object_$AttrLong_LookupMallocMem_String$CallDict_ExceptionMakeMatchesMemoryOccurredSignSsize_tUpdate
                                • String ID: The '_length_' attribute is too large$The '_length_' attribute must be an integer$The '_length_' attribute must not be negative$_type_ must have storage info$array too large$class must define a '_length_' attribute$class must define a '_type_' attribute
                                • API String ID: 4019195241-504660705
                                • Opcode ID: 055b8fc62c60c1bd71026e2f714f2505c56a84889395af57f89967a2e91b601f
                                • Instruction ID: 781567800511b1718df402ae577f1117217e758e83db5cd4a3af5cfd864f8d72
                                • Opcode Fuzzy Hash: 055b8fc62c60c1bd71026e2f714f2505c56a84889395af57f89967a2e91b601f
                                • Instruction Fuzzy Hash: 03A10021A09F42C9EA54AF27D850278A7A1FFE9BB4F5441B1D91E662B4DF7CE489C300
                                Function 00007FFE1323A4C0 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 215COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Number_OccurredSsize_t$FromString$Bytes_Mem_SizeUnicode_$CharCheckFreeIndex_List_MallocMemoryWide
                                • String ID: Pointer indices must be integer$slice start is required for step < 0$slice step cannot be zero$slice stop is required
                                • API String ID: 3053630023-3059441807
                                • Opcode ID: 6979928dfef85d8a828cd9ee037a140b3c1fa3fa22f5c964d232601827984960
                                • Instruction ID: 49a481d8888efb05f07c392b79fbb4cb98861219cc0eae4ff9ffced2c136529c
                                • Opcode Fuzzy Hash: 6979928dfef85d8a828cd9ee037a140b3c1fa3fa22f5c964d232601827984960
                                • Instruction Fuzzy Hash: 30910821E09E0289FA55AB179554178A761BFE8FB0B4486B1CD2E677F4EE3CE485C700
                                Function 00007FFE11ED41C0 Relevance: 42.2, APIs: 18, Strings: 6, Instructions: 166threadstringCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Threadfreeaddrinfo$RestoreSavegetaddrinfoinet_ptonmemcpystrcmp$Err_Stringstrchr
                                • String ID: 255.255.255.255$<broadcast>$address family mismatched$unknown address family$unsupported address family$wildcard resolved to multiple address
                                • API String ID: 535957624-1715193308
                                • Opcode ID: cdefa8b7dc4e1c9f1d37940d2dd5b1f1bb56c3d4d45ba7a3aa08869bb9be269c
                                • Instruction ID: ae237ec90193e41948fcc973691beb813060f3bc1900b48b9700d3f0e543da92
                                • Opcode Fuzzy Hash: cdefa8b7dc4e1c9f1d37940d2dd5b1f1bb56c3d4d45ba7a3aa08869bb9be269c
                                • Instruction Fuzzy Hash: 7F71A561E08F4282EF209FA79D442BE23A8BB54BA0F546275DA4D43AB1DF3CE5958340
                                Function 00007FFE1323C6B4 Relevance: 42.1, APIs: 21, Strings: 3, Instructions: 121COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$FromLong_$Err_Void$Object_StringUnraisableWrite$ArgsAttrCallFunctionImportImport_InternLongModuleOccurredUnicode_
                                • String ID: DllGetClassObject$_ctypes.DllGetClassObject$ctypes
                                • API String ID: 375360433-177550262
                                • Opcode ID: b5513430baef804698b72f87c032f2232b88aa434da5969d4ce7dec095e12011
                                • Instruction ID: 50af40d780d6f6962401accd7be72e7b553172e625ae87c1f7a43156c78fef3b
                                • Opcode Fuzzy Hash: b5513430baef804698b72f87c032f2232b88aa434da5969d4ce7dec095e12011
                                • Instruction Fuzzy Hash: 2451BD25E09E12CAFE55AB63A954238A3A0AFE9FA5F0845B4CD0E27774DF3DA545C300
                                Function 00007FFE130C2260 Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 202timethreadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                • _PyTime_FromSecondsObject.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C22BF
                                • PyErr_ExceptionMatches.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C22D3
                                • PyErr_SetString.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C231F
                                  • Part of subcall function 00007FFE130C25C8: PySequence_Fast.PYTHON311(00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C25F0
                                • _PyDeadline_Init.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C23DA
                                • PyEval_SaveThread.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C241A
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2423
                                • select.WS2_32 ref: 00007FFE130C243D
                                • PyEval_RestoreThread.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2449
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C244F
                                • PyErr_CheckSignals.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C245E
                                • _PyDeadline_Get.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2479
                                • _PyTime_AsTimeval_clamp.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2497
                                • PyErr_Occurred.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C24F2
                                • PyTuple_Pack.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2509
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2520
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2534
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2548
                                • WSAGetLastError.WS2_32(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C25AE
                                • PyErr_SetExcFromWindowsErr.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C25C0
                                  • Part of subcall function 00007FFE130C25C8: PyObject_AsFileDescriptor.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C265C
                                  • Part of subcall function 00007FFE130C25C8: PyErr_SetString.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C26CA
                                  • Part of subcall function 00007FFE130C25C8: _Py_Dealloc.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C26D9
                                  • Part of subcall function 00007FFE130C25C8: _Py_Dealloc.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C26E8
                                  • Part of subcall function 00007FFE130C25C8: _Py_Dealloc.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C26FE
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918900135.00007FFE130C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                • Associated: 00000002.00000002.2918879267.00007FFE130C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918921952.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918942177.00007FFE130C5000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918963738.00007FFE130C6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe130c0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocErr_$Deadline_Eval_FromStringThreadTime__errno$CheckDescriptorErrorExceptionFastFileInitLastMatchesObjectObject_OccurredPackRestoreSaveSecondsSequence_SignalsTimeval_clampTuple_Windowsselect
                                • String ID: timeout must be a float or None$timeout must be non-negative
                                • API String ID: 1581318368-2150404077
                                • Opcode ID: af26c906d80cdcaef9b1c7707cf0177dbe53b8e671061a6009a46fe445b3fcbf
                                • Instruction ID: 0d0ccfb523f8f69407f6ea346ff704b20fe0101c510c8ac5c401419013793413
                                • Opcode Fuzzy Hash: af26c906d80cdcaef9b1c7707cf0177dbe53b8e671061a6009a46fe445b3fcbf
                                • Instruction Fuzzy Hash: BF918161A18E838DEA209F26E8541B963E6FF64BA4F8041F1DD0D67AB8DF3CD645C300
                                Function 00007FFE11ED3588 Relevance: 35.2, APIs: 11, Strings: 9, Instructions: 167networkCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Format$Deallochtons
                                • String ID: %s(): AF_INET address must be tuple, not %.500s$%s(): AF_INET6 address must be tuple, not %.500s$%s(): bad family$%s(): flowinfo must be 0-1048575.$%s(): port must be 0-65535.$%s(): unknown Bluetooth protocol$%s(): wrong format$O&i;AF_INET address must be a pair (host, port)$O&i|II;AF_INET6 address must be a tuple (host, port[, flowinfo[, scopeid]])
                                • API String ID: 2819711985-3893595010
                                • Opcode ID: 345e012d61b2e8659524b3f56b858863a74126cd3a1e83b1df232dfea0b2f435
                                • Instruction ID: 00b28163b60b563a7dd66ffcf8e92f95b80b7b023f3bda6b9e7b66d91ef940d5
                                • Opcode Fuzzy Hash: 345e012d61b2e8659524b3f56b858863a74126cd3a1e83b1df232dfea0b2f435
                                • Instruction Fuzzy Hash: 56811AB6A08E4695EF10CFA2DC406BA33A8FB44BA8F556176DA0D57AA4DF3DE444C340
                                Function 00007FFE13239798 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 176COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: From$Bytes_Err_Mem_SizeSlice_StringUnicode_$AdjustCharCheckFreeIndex_IndicesList_MallocMemoryNumber_OccurredSsize_tUnpackWide
                                • String ID: indices must be integers
                                • API String ID: 4188490530-2024404580
                                • Opcode ID: e570ecff3f3fa346b7648cae94d04275b3108b85bd0816525fe5c5b16466f0b5
                                • Instruction ID: adc1eab82b4e3e965432f30646a123d9650ac8c99a1862e9162c0979667b736b
                                • Opcode Fuzzy Hash: e570ecff3f3fa346b7648cae94d04275b3108b85bd0816525fe5c5b16466f0b5
                                • Instruction Fuzzy Hash: EC714021B09E42CAEA54BB279954278A761FFE9BF4B0441B1DD1E67BB4EE3CE445C300
                                Function 00007FFE1323D4A0 Relevance: 33.3, APIs: 18, Strings: 1, Instructions: 88COMMON
                                Download Yara Rule
                                APIs
                                • PyUnicode_FromFormatV.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D4C5
                                • PyErr_Fetch.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D4E4
                                • PyErr_NormalizeException.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D4F6
                                • PyType_GetName.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D50D
                                • PyObject_Str.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D515
                                • PyUnicode_AppendAndDel.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D527
                                • PyUnicode_FromString.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D534
                                • PyUnicode_AppendAndDel.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D541
                                • PyErr_Clear.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D550
                                • PyObject_Str.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D55A
                                • PyErr_Clear.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D565
                                • PyUnicode_FromString.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D572
                                • PyUnicode_AppendAndDel.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D57F
                                • PyErr_SetObject.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D594
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D5A9
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D5BE
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D5D3
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13237997), ref: 00007FFE1323D5E8
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Unicode_$Err_$Dealloc$AppendFrom$ClearObject_String$ExceptionFetchFormatNameNormalizeObjectType_
                                • String ID: ???
                                • API String ID: 979652146-1053719742
                                • Opcode ID: a0277b81e7bf4beead51eb80468770295d906e45afe09c37c0bcdcee4447fb49
                                • Instruction ID: 4a14368a92d7f28a444699d705e29d9f1c14db1f775a6b3b8f273576f11da07b
                                • Opcode Fuzzy Hash: a0277b81e7bf4beead51eb80468770295d906e45afe09c37c0bcdcee4447fb49
                                • Instruction Fuzzy Hash: F341E772E09E02C9EF45AB62D8542B8A770BFA8B69F048575CD0E62674DF3CA489C350
                                Function 00007FFE13239E68 Relevance: 33.3, APIs: 13, Strings: 6, Instructions: 78threadlibraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$String$DeallocEval_Thread$AddressArg_AttrAuditFormatLong_Object_OccurredParseProcRestoreSaveSizeSys_Tuple_Void
                                • String ID: Os:in_dll$_handle$could not convert the _handle attribute to a pointer$ctypes.dlsym$symbol '%s' not found$the _handle attribute of the second argument must be an integer
                                • API String ID: 1915345233-3856192562
                                • Opcode ID: 7ca03c74892ce7554a02cb8c30f6c35098380688a7c70d2a3342523bcc2a4215
                                • Instruction ID: 399dc122b44560d8a03a18ff450a06ffb44c7a7c75351e6022ff7c6c9bcbb3cc
                                • Opcode Fuzzy Hash: 7ca03c74892ce7554a02cb8c30f6c35098380688a7c70d2a3342523bcc2a4215
                                • Instruction Fuzzy Hash: AD31CB61B08E42CAEB44AF27E854178A7A0BFE9FA4F1490B5DD0E67774DE2CE485C300
                                Function 00007FFE11ED32E8 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 173networkCOMMON
                                Download Yara Rule
                                APIs
                                • WSAGetLastError.WS2_32 ref: 00007FFE11ED3313
                                  • Part of subcall function 00007FFE11ED4088: _Py_BuildValue_SizeT.PYTHON311(?,?,?,00007FFE11ED3320), ref: 00007FFE11ED409E
                                  • Part of subcall function 00007FFE11ED4088: PyErr_SetObject.PYTHON311(?,?,?,00007FFE11ED3320), ref: 00007FFE11ED40B6
                                  • Part of subcall function 00007FFE11ED4088: _Py_Dealloc.PYTHON311(?,?,?,00007FFE11ED3320), ref: 00007FFE11ED40C5
                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE11ED3330
                                • PyErr_SetFromErrno.PYTHON311 ref: 00007FFE11ED3346
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$BuildDeallocErrnoErrorFromLastObjectSizeValue__errno
                                • String ID: NOO$surrogatepass$unsupported address family
                                • API String ID: 316901363-472101058
                                • Opcode ID: dcd42529ef49c9ac7a46733f8ddf47eaf21d2d38896ab5ee38034c2f4b85ccb4
                                • Instruction ID: a0f8610e3fa2d5d782b0d2f0df499174a1104a23d1dae8f19b6a65ecdcdcae0f
                                • Opcode Fuzzy Hash: dcd42529ef49c9ac7a46733f8ddf47eaf21d2d38896ab5ee38034c2f4b85ccb4
                                • Instruction Fuzzy Hash: 95716F62A0CF8285EF558FA7EC0467A63A9BF54BA4F446675DA4E077B4EF3CE4418300
                                Function 00007FFE1323F724 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 157COMMON
                                Download Yara Rule
                                APIs
                                • PyObject_GetAttrString.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F756
                                • PySequence_Fast.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F772
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F784
                                • PyArg_ParseTuple.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F7E8
                                • PyObject_GetAttr.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F802
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F854
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F8D0
                                • PyObject_SetAttr.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F8E4
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F8F8
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F917
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F931
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F940
                                • PyErr_SetString.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F972
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13238C2F), ref: 00007FFE1323F983
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$AttrObject_$String$Arg_Err_FastParseSequence_Tuple
                                • String ID: OO|O$_fields_$_fields_ must be a sequence$unexpected type
                                • API String ID: 1182381414-2418103425
                                • Opcode ID: 9a21982e818a441de51ee13329167cb0591f09edfc229330b12a1e4341a6436c
                                • Instruction ID: 4900025e767ba304bf40ceccc89fa61a50bd1df02661185a88337b29862c3963
                                • Opcode Fuzzy Hash: 9a21982e818a441de51ee13329167cb0591f09edfc229330b12a1e4341a6436c
                                • Instruction Fuzzy Hash: EB611F72A09F46AAEA54EB27E944579A3A0FBA8BB0F044175CE8D13774DF3CE495C300
                                Function 00007FFE13235028 Relevance: 30.1, APIs: 20, Instructions: 148COMMON
                                Download Yara Rule
                                APIs
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE1323504E
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235065
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE1323507D
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132350A0
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132350C6
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132350EC
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235112
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235138
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE1323515E
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235181
                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132351A7
                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132351CD
                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132351F3
                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235219
                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE1323523F
                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE1323526C
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235281
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132352A0
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132352B1
                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132352D3
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ReadyType_$Module_Type
                                • String ID:
                                • API String ID: 2298540608-0
                                • Opcode ID: 54f91af859aac5329c47ad103bf883f4ecd078e41e036d01a27fff442e20b039
                                • Instruction ID: 58c2f7337c92c654d295cd19989598e45b19959a6da7b3ddd2dfb183b54daf73
                                • Opcode Fuzzy Hash: 54f91af859aac5329c47ad103bf883f4ecd078e41e036d01a27fff442e20b039
                                • Instruction Fuzzy Hash: 8771B020A1DF13DAE600BB67BC40535ABA4BFA4BA8F5084B5D96DA2674EF7DE045C300
                                Function 00007FFE1320210C Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 116threadtimeCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919006594.00007FFE13201000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE13200000, based on PE: true
                                • Associated: 00000002.00000002.2918985157.00007FFE13200000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919028562.00007FFE13203000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919051034.00007FFE13205000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919071014.00007FFE13206000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13200000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Eval_ThreadThread_acquire_lock_timedTime_$CallsDeadline_FromMakeMicrosecondsModuleNoneObjectPendingRestoreSaveSecondsStringThread_release_lockType_
                                • String ID: 'timeout' must be a non-negative number$timeout value is too large
                                • API String ID: 1143863106-4256478105
                                • Opcode ID: 4ec1b1fa42c07ad777bce140c811d275ad25926547c9346e609a1a1f99469cc7
                                • Instruction ID: 26030c16570c86e43f4a6238155c0a228f1ea987ca3102e3962c0af5c0177ed6
                                • Opcode Fuzzy Hash: 4ec1b1fa42c07ad777bce140c811d275ad25926547c9346e609a1a1f99469cc7
                                • Instruction Fuzzy Hash: 81513E21A08E169AEB10AB53D85023E62A0FBE9FB0F404572CE0D67BB5DF3CE459C740
                                Function 00007FFE1330C78C Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 289COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+$Replicator::operator[]
                                • String ID: `anonymous namespace'
                                • API String ID: 3863519203-3062148218
                                • Opcode ID: 29843075ff213e4678463bd9e4c4852a4219599ce3764149382065ef125c3596
                                • Instruction ID: 57e3d2e2b13a7cf5a6e1bffb4e59c7139ebbb341f55a075b3dcca048b459352f
                                • Opcode Fuzzy Hash: 29843075ff213e4678463bd9e4c4852a4219599ce3764149382065ef125c3596
                                • Instruction Fuzzy Hash: 2BE18C72A08F8299EB10CF66D4801AD77A0FB647A4F404175EAAD2BB76DF3CE554C704
                                Function 00007FFE126D71DC Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 153threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocErr_LongStringThread_free_lock$Bytes_FromLong_ModuleOccurredSizeStateThread_allocate_lockType_Unsigned
                                • String ID: Cannot specify filters except with FORMAT_RAW$Cannot specify memory limit with FORMAT_RAW$Invalid container format: %d$Must specify filters for FORMAT_RAW$Unable to allocate lock
                                • API String ID: 3070611864-1518367256
                                • Opcode ID: 025aefb13555cae887ef6c48fdc6cfaa3af8b4df0a976e887b84f6ae25d14dda
                                • Instruction ID: 982c1e32ee05140117f1667fd71dff35a2bdacbe89df5ce50078cb2fade8e320
                                • Opcode Fuzzy Hash: 025aefb13555cae887ef6c48fdc6cfaa3af8b4df0a976e887b84f6ae25d14dda
                                • Instruction Fuzzy Hash: 4A615E21A08E8A87EA5DCB239C943B86364FB45BB0F1442B5DE6D572F0CFBCE4548341
                                Function 00007FFE13232C90 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 138COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$String$LongLong_Occurred$Bytes_Capsule_CharClearFreeMem_Unicode_UnsignedWide
                                • String ID: Don't know how to convert parameter %d$_ctypes pymem$int too long to convert
                                • API String ID: 3969321993-4137960972
                                • Opcode ID: 84a72b6a64f7e58ef7106ff91161727bef33725574b0370cedf856625ec34b12
                                • Instruction ID: 06849622c196ed9d3f3f3a5dd410f78db6c6d7fd20701d3396f4be5b9bd0c2f6
                                • Opcode Fuzzy Hash: 84a72b6a64f7e58ef7106ff91161727bef33725574b0370cedf856625ec34b12
                                • Instruction Fuzzy Hash: 18513D32A19F46C9EB44AF26E484138A3A0FFA9BA4B0485B5DE5D63774DF3CE491C340
                                Function 00007FFE13231404 Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 117COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocDict_$CallErr_ErrorFromFunction_ItemLong_Object_OccurredPackSizeSsize_tTuple_With
                                • String ID: %.200s_Array_%Id$Array length must be >= 0, not %zd$Expected a type object$_length_$_type_$s(O){s:n,s:O}
                                • API String ID: 2975079148-1488966637
                                • Opcode ID: 4b9e39d2e5c219fd7f77c84992df2d80c2fda8daf9d237960527683bdad92fae
                                • Instruction ID: 2d3b68651d624a20a0aca8e2c81354191f0f06248221e19317fa49f381b1d19a
                                • Opcode Fuzzy Hash: 4b9e39d2e5c219fd7f77c84992df2d80c2fda8daf9d237960527683bdad92fae
                                • Instruction Fuzzy Hash: B5513021A09F42C9FA51BB17E950279A3A4AFE8BB4F148075CE0E263B4EE3CF445C340
                                Function 00007FFE13239A88 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 101COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$String$Arg_AuditBuffer_ContiguousDeallocFormatFromMemoryObjectParseSizeSys_Tuple_View_
                                • String ID: Buffer size too small (%zd instead of at least %zd bytes)$O|n:from_buffer$abstract class$ctypes.cdata/buffer$nnn$offset cannot be negative$underlying buffer is not C contiguous$underlying buffer is not writable
                                • API String ID: 3947696715-3790261066
                                • Opcode ID: 6f91a64f5329831d1cdf7c4b25470fb5dbaa7ad2f9e3551f3ba25eea1f825ae0
                                • Instruction ID: d3f636eeb8295c4de1b0c9361782edb7e49575c80b435534e964f95488f5203f
                                • Opcode Fuzzy Hash: 6f91a64f5329831d1cdf7c4b25470fb5dbaa7ad2f9e3551f3ba25eea1f825ae0
                                • Instruction Fuzzy Hash: EC413E61B08E46C9EA54EB27E850278A361AFE9BF4F0481B1DA1E676B4DF7CF544C300
                                Function 00007FFE1323D5F8 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 79threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Capsule_$Dict_Err_ItemMem_String$CallocDeallocDictErrorFreeFromInternOccurredPointerState_ThreadUnicode_ValidWith
                                • String ID: _ctypes pymem$cannot get thread state$ctypes.error_object$ctypes.error_object is an invalid capsule
                                • API String ID: 2323834031-3474121714
                                • Opcode ID: accf9b440147d9a92cb32684a6abaa720b59604840fdd08eebf715022aa40aa7
                                • Instruction ID: 3b6093865cd39531b331f643bdc433003ca7e69761b29340c577e0cb78d64e8d
                                • Opcode Fuzzy Hash: accf9b440147d9a92cb32684a6abaa720b59604840fdd08eebf715022aa40aa7
                                • Instruction Fuzzy Hash: 4F31EB20A09F42C9FA55BB13A854138A3A0BFE9BB5B4484B5C92E63774EF3CE585C700
                                Function 00007FFE12E11000 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 115threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918791017.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                • Associated: 00000002.00000002.2918770170.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918811061.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918832818.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918854151.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe12e10000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Eval_StringThread$Arg_BufferBuffer_CharFreeKeywordsLong_Mem_Object_OccurredPlayReleaseRestoreSaveSoundUnicode_UnpackWide
                                • String ID: 'sound' must be str or None, not '%s'$Cannot play asynchronously from memory$Failed to play sound
                                • API String ID: 3385494751-1730434452
                                • Opcode ID: 77ec2cd204871f23a421cf9e6bc1305cf6b37859e3342d5f5673a11d28b432ab
                                • Instruction ID: 46c19e26c38752fc5cd6747041ba1dc6efe0e08d3eda0b220314364c4d6d997c
                                • Opcode Fuzzy Hash: 77ec2cd204871f23a421cf9e6bc1305cf6b37859e3342d5f5673a11d28b432ab
                                • Instruction Fuzzy Hash: 81511C21F0CF8281EB629B13EC4537BA3A1BB85BA0F544179D94D076B4DFBCE444A712
                                Function 00007FFE126E0030 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 110COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Mem_$FreeLongString$Arg_CallocClearDeallocExceptionFormatItemKeywords_Long_Mapping_MatchesMemoryOccurredParseSizeTupleUnsigned
                                • String ID: Invalid compression preset: %u$Invalid filter specifier for LZMA filter$preset$|OOO&O&O&O&O&O&O&O&
                                • API String ID: 1065449411-1461672608
                                • Opcode ID: 0a1fe93500fb03bc1e48a281624ffad7ffdc8fead798ab6822c18ae09afa2379
                                • Instruction ID: 94fb087d79f0c98f291b7e164b4d1ba8839612242ddfe303545e06b9cc3f60c1
                                • Opcode Fuzzy Hash: 0a1fe93500fb03bc1e48a281624ffad7ffdc8fead798ab6822c18ae09afa2379
                                • Instruction Fuzzy Hash: 6551EE35608F4285EA20CF52FC502A973A4FB84BA4F544175CA8D57BB8DFBCE459C740
                                Function 00007FFE13234118 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 92COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Err_$Format$AttrLookupObject_OccurredSequence_StringTupleTuple_
                                • String ID: _argtypes_ has too many arguments (%zi), maximum is %i$_argtypes_ must be a sequence of types$item %zd in _argtypes_ has no from_param method
                                • API String ID: 4102822968-1150265712
                                • Opcode ID: b465a1dad8b079f441bebe69d373bb45d8456e0132b52fc939e0217758a31e23
                                • Instruction ID: 6962f04b81b1ae9fda420a200f6b9b0bf8c0ff876e1dbb4beeaf7be688da7756
                                • Opcode Fuzzy Hash: b465a1dad8b079f441bebe69d373bb45d8456e0132b52fc939e0217758a31e23
                                • Instruction Fuzzy Hash: 1941FF22A09E07C9EA55AF27E844078A7A0AFF9FB4F0444B1C94D2B674DE7CE589C300
                                Function 00007FFE11ED46BC Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 114networkthreadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ErrorLast$Eval_Thread$Err_$CheckDeadline_RestoreSaveSignals$InitStringTime_Timeval_clampselect
                                • String ID: timed out
                                • API String ID: 497267021-3163636755
                                • Opcode ID: 38c4f76a7ee197147ac4bfb2bcbfd9314fe9dd1a8714764610627149840ccdaf
                                • Instruction ID: 804d59cbf994b710c61426af9d36a1962e8806c7c5f171c57d69b2bbdb7cf527
                                • Opcode Fuzzy Hash: 38c4f76a7ee197147ac4bfb2bcbfd9314fe9dd1a8714764610627149840ccdaf
                                • Instruction Fuzzy Hash: CD417F25E08E4286FF645BE7AC446BB6298BF65FB4F0561B0DD5D42AB4CF3CE8858310
                                Function 00007FFE11ED38E4 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 104COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Bytes_String$DeallocErr_Size
                                • String ID: encoding of hostname failed$host name must not contain null character$idna$str, bytes or bytearray expected, not %s
                                • API String ID: 2522550923-2120988924
                                • Opcode ID: 3f218649045629f6069e9841134a8ddc55994a625152d29d63930f96b81b775f
                                • Instruction ID: 62bdf7f038eb1ebedf55973ae74d0f6f503cc2ea01e0692f5d80394bc803546a
                                • Opcode Fuzzy Hash: 3f218649045629f6069e9841134a8ddc55994a625152d29d63930f96b81b775f
                                • Instruction Fuzzy Hash: E6414FA1A0DF0682EF548B97EC9073A2368AF45BB4F5861B5CA5E472B4DF3CE4958300
                                Function 00007FFE1323D2E0 Relevance: 24.6, APIs: 5, Strings: 9, Instructions: 104COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: From$FormatUnicode_$DeallocDoubleFloat_
                                • String ID: <cparam '%c' (%R)>$<cparam '%c' (%d)>$<cparam '%c' (%ld)>$<cparam '%c' (%lld)>$<cparam '%c' (%p)>$<cparam '%c' ('%c')>$<cparam '%c' ('\x%02x')>$<cparam '%c' at %p>$<cparam 0x%02x at %p>
                                • API String ID: 1798191970-1075073485
                                • Opcode ID: e630b7be73e712d3a37526d796ee4f4f39b16323d62473f23fa0d0fb00351437
                                • Instruction ID: 8682a2034e47e83e20064f929784a77cdb67cdbe047ad19cefbcd31e8701e3ed
                                • Opcode Fuzzy Hash: e630b7be73e712d3a37526d796ee4f4f39b16323d62473f23fa0d0fb00351437
                                • Instruction Fuzzy Hash: 3A41AF6190CD438DE669AB3B9458038DA61EFFAB24F1841B0C64E355B9DE2CFD45CB40
                                Function 00007FFE11ED6200 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 83COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
                                • String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
                                • API String ID: 418579395-1608436615
                                • Opcode ID: 038f49541202c8c9e344ee84141582b914636cdd657cab73a632a64df90ac60f
                                • Instruction ID: f2ef763ae74e16cf8788eaf5ef974c824dd2bde28103ad4cbc68a6e263546561
                                • Opcode Fuzzy Hash: 038f49541202c8c9e344ee84141582b914636cdd657cab73a632a64df90ac60f
                                • Instruction Fuzzy Hash: CE41EE36608E4696DB208F92EC40BAA7374FB89BA4F501275DA9D43674DF3CD549CB00
                                Function 00007FFE13239C0C Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 79COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Buffer_ReleaseString$Arg_AuditFormatParseSizeSys_Tuple_memcpy
                                • String ID: Buffer size too small (%zd instead of at least %zd bytes)$abstract class$ctypes.cdata/buffer$nnn$offset cannot be negative$y*|n:from_buffer_copy
                                • API String ID: 2374319793-1742308441
                                • Opcode ID: 2d8fddc9779f14f0481d8ddfd406fb15762d92becc72ec0614fe25a827832394
                                • Instruction ID: be20dcc56e7844572388ad7b15df6d47d28463e01a3f4d23ef21516a017227e6
                                • Opcode Fuzzy Hash: 2d8fddc9779f14f0481d8ddfd406fb15762d92becc72ec0614fe25a827832394
                                • Instruction Fuzzy Hash: 10310861B18E46C9EA54EB17E8502A9A360FFE9BE0F5084B2DA4E67774DE3CE544C300
                                Function 00007FFE1323C224 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 75COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AttrObject_String$Arg_Dealloc$KeywordsParseSequence_SizeSliceTuple_
                                • String ID: OOO:COMError$args$details$hresult$text
                                • API String ID: 4238450639-2065934886
                                • Opcode ID: 7b88bc987767ef29d30f6af4a34bd6ec754f27a2cd5e2595f319dc9faf46bccc
                                • Instruction ID: 307d8dc32fc6b71bd958f9646a5b754324981924ac67732a5ce978682cc86c81
                                • Opcode Fuzzy Hash: 7b88bc987767ef29d30f6af4a34bd6ec754f27a2cd5e2595f319dc9faf46bccc
                                • Instruction Fuzzy Hash: 53313C61A18F528AFE10AF27E840169B360FFE9BE4F449075CE4E67674DE2DE485C340
                                Function 00007FFE11ED76AC Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_Err_Release$String$From$Arg_ErrnoFormatParseSizeTuple_Unicode_inet_ntop
                                • String ID: invalid length of packed IP address string$iy*:inet_ntop$unknown address family %d
                                • API String ID: 418764794-2822559286
                                • Opcode ID: cf4bd7ae1774b7dacff3fff39d392359017d4e22f2b23853f2c82bc2b4d813ba
                                • Instruction ID: 49ede1594e4cd0adb86015f26693ce084cded0e5205550b1a4d54caf814d1a62
                                • Opcode Fuzzy Hash: cf4bd7ae1774b7dacff3fff39d392359017d4e22f2b23853f2c82bc2b4d813ba
                                • Instruction Fuzzy Hash: F231EF21A18D8381EF508B96EC5467B63A8FF84BA9F4064B6D54E87574DF3DE448C700
                                Function 00007FFE132345B8 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 68threadlibraryCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Eval_FromThread$Arg_AuditCharErrorFormatFreeLastLibraryLoadLong_Mem_ParseRestoreSaveStringSys_TupleUnicode_VoidWideWindows
                                • String ID: Could not find module '%.500S' (or one of its dependencies). Try using the full path with constructor syntax.$U|i:LoadLibrary$ctypes.dlopen
                                • API String ID: 3805577924-808210370
                                • Opcode ID: 8085d2a71d9d3a5a76fe34bec048b7c14a2e952a150ea8cd1b327b92dda5160e
                                • Instruction ID: 1921e9237b331b93948028f0603030d46d0a4f82b7682f3ad82aa721dc352bf5
                                • Opcode Fuzzy Hash: 8085d2a71d9d3a5a76fe34bec048b7c14a2e952a150ea8cd1b327b92dda5160e
                                • Instruction Fuzzy Hash: 1F214D65A08E42C9FB54AF63E844178A760AFE8BB1F0480B1CD0E62270DE7CE489C740
                                Function 00007FFE1323C5B0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Dealloc$StringUnraisableWrite$AttrClearFromImportImport_InternLongLong_ModuleObject_OccurredUnicode_
                                • String ID: DllCanUnloadNow$_ctypes.DllCanUnloadNow$ctypes
                                • API String ID: 3419117993-4136862661
                                • Opcode ID: 6480632f02bad077a56764e5c1bb2d947567b6f8de28b8c217792b4108e53cfe
                                • Instruction ID: 5898a214b6865b16a9613deb6e2a72b3f245696d3470276a99ccef4a1bfbec73
                                • Opcode Fuzzy Hash: 6480632f02bad077a56764e5c1bb2d947567b6f8de28b8c217792b4108e53cfe
                                • Instruction Fuzzy Hash: 8021CA21E49F06C9FE54BB23AA54234A3A0AFE9BB5F0455B4C90E27370EF2CA484C700
                                Function 00007FFE11ED7380 Relevance: 24.1, APIs: 16, Instructions: 99COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$FreeTable$Err_FromList_Windows$AppendBuildConvertInterfaceLuidNameSizeTable2Value_memcpy
                                • String ID:
                                • API String ID: 1684791173-0
                                • Opcode ID: ec0ff591f7a44de46b97f53e6c011e55b3b54e9b216352143d0cf6e100584644
                                • Instruction ID: ae94fa4abc85cacb4ad7e39a651408c42e066aad85cec571bdcb3a23d86d7b37
                                • Opcode Fuzzy Hash: ec0ff591f7a44de46b97f53e6c011e55b3b54e9b216352143d0cf6e100584644
                                • Instruction Fuzzy Hash: 7E412E31E08F8281EF659BA3AC5467E63A9FF89BA9F442075C94E467A4DF3CE405C740
                                Function 00007FFE1330D5B0 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 359COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: NameName::$Name::operator+atolswprintf_s
                                • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                • API String ID: 2331677841-2441609178
                                • Opcode ID: 9797e925e62f8d7d60f646e305733279f9163504f8593401decf67f28b7cb35e
                                • Instruction ID: c2a86f1f8c4464779f4be3e053f8127ef35ebd3b5a375389aade826066fcaa89
                                • Opcode Fuzzy Hash: 9797e925e62f8d7d60f646e305733279f9163504f8593401decf67f28b7cb35e
                                • Instruction Fuzzy Hash: D1F1BF22E0CE028CFB15AB7685981BC27E1BF64774F4501B5DE6D36ABACE3CA544C348
                                Function 00007FFE13237FCF Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 171COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Mem_$DeallocErr_Free$AttrFormatMallocMemoryObject_StringUnicode_
                                • String ID: %s:%s:$bit fields not allowed for type %s$number of bits invalid for bit field
                                • API String ID: 2455365098-3576608231
                                • Opcode ID: 2c8a630497d9b26071984d54006c75933da3e15f2b28fdb68437a92c613d873a
                                • Instruction ID: 6751b61ccae672450ecc7889d3ef0e7755f4e0f52b08cb5a071936e233242db6
                                • Opcode Fuzzy Hash: 2c8a630497d9b26071984d54006c75933da3e15f2b28fdb68437a92c613d873a
                                • Instruction Fuzzy Hash: C6817D32A08F4289EB50EB66E4442ACB3A5FBA9BA4F104176DE1D677A4DF3CD549C300
                                Function 00007FFE126D7FFC Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 114COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_Buffer_$ArgumentBufferContiguousErr_IndexKeywordsLong_Number_Object_OccurredReleaseSsize_tUnpackmemset
                                • String ID: argument 'data'$contiguous buffer$decompress
                                • API String ID: 883004049-2667845042
                                • Opcode ID: 6f5a67f52f9f9f4db097372ad2f0ef7fa7d88bdcbbd3075795eb13141a983109
                                • Instruction ID: a608e0a8d7253ecf849fe052ad4d706c2576545f8d0a016c80d42f66e7942445
                                • Opcode Fuzzy Hash: 6f5a67f52f9f9f4db097372ad2f0ef7fa7d88bdcbbd3075795eb13141a983109
                                • Instruction Fuzzy Hash: ED415021A18F4A82EA10CB13EC442B963A4FB55BA0F4442B5DE9D177F4DFBCE80AC740
                                Function 00007FFE11ED5428 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 113networkCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_ParseSizeTuple_$Ioctl$Err_FormatFromLongLong_Unsigned
                                • String ID: invalid ioctl command %lu$k(kkk):ioctl$kI:ioctl$kO:ioctl
                                • API String ID: 1148432870-4238462244
                                • Opcode ID: 6af88f0f7ab4189eaa2f3f439bcd14503b5b66fadfc05a0468ddcdd5e31740c8
                                • Instruction ID: 3bd3bad1c19fe057860385a67d090a610eea03c829b81aa822f5eb9fc7057d84
                                • Opcode Fuzzy Hash: 6af88f0f7ab4189eaa2f3f439bcd14503b5b66fadfc05a0468ddcdd5e31740c8
                                • Instruction Fuzzy Hash: 95514D32B18E0299EB50CFA2EC405AE37B8FB48764F541176DA5E93A68DF3CD594C740
                                Function 00007FFE13213634 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 113COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_$Arg_BufferContiguousIndexKeywordsLong_Number_Object_ReleaseSsize_tUnpackmemset
                                • String ID: argument 'data'$contiguous buffer$decompress
                                • API String ID: 2593461735-2667845042
                                • Opcode ID: 3b05843de0e9ce16ff05c83b1e5ddb82a75458333f409d7b11fcb9ec86cb24ae
                                • Instruction ID: de6ecd25e8f2d9888c78a4a0ea659c6d07e11ed45244e54c48443e88f3b63743
                                • Opcode Fuzzy Hash: 3b05843de0e9ce16ff05c83b1e5ddb82a75458333f409d7b11fcb9ec86cb24ae
                                • Instruction Fuzzy Hash: CD419122A18F5289EB50AF13E6446B963A1FBE8BA4F444171DE5D237B6DF3CE445C700
                                Function 00007FFE11ED5F88 Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 95COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: SizeTuple_$Arg_Buffer_ParseRelease$AuditErr_FormatFromLong_Ssize_tSys_
                                • String ID: sendto$sendto() takes 2 or 3 arguments (%zd given)$socket.sendto$y*O:sendto$y*iO:sendto
                                • API String ID: 3528750861-2448770124
                                • Opcode ID: 6ef297011c41e40e00d0fec8183777252a493334b46fd21cb5a027fe8353a864
                                • Instruction ID: 413124e53797d864cfc4be3a928fca83c431960c4ce544e1a1d68d185bc39e74
                                • Opcode Fuzzy Hash: 6ef297011c41e40e00d0fec8183777252a493334b46fd21cb5a027fe8353a864
                                • Instruction Fuzzy Hash: 4241E875608E4695EB10CBA6EC506AA77B8FB48BA8F441176DA4D43B78DF3CE544CB00
                                Function 00007FFE11ED7148 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 50threadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: String$Err_Eval_Thread$Arg_AuditFromParseRestoreSaveSizeSys_Tuple_Unicode_getservbyporthtons
                                • String ID: getservbyport: port must be 0-65535.$i|s:getservbyport$port/proto not found$socket.getservbyport
                                • API String ID: 3420281234-2618607128
                                • Opcode ID: 684d64edd5c1e662378f9cafadfeac506a1a90c000d0be84bc84ad99a05fdcb9
                                • Instruction ID: 4febc020f3f7ccda6b0471c239d27552d80ac2ceff28d6de6846b6cc200b8bac
                                • Opcode Fuzzy Hash: 684d64edd5c1e662378f9cafadfeac506a1a90c000d0be84bc84ad99a05fdcb9
                                • Instruction Fuzzy Hash: 6F212A61A08E8381EF148B97EC4467B6378FB89BA4F5020B5EA4E47678DF3DE058C700
                                Function 00007FFE1323BA14 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 126COMMON
                                Download Yara Rule
                                APIs
                                • _PyDict_GetItemIdWithError.PYTHON311 ref: 00007FFE1323BA90
                                • PyErr_Occurred.PYTHON311 ref: 00007FFE1323BAA3
                                  • Part of subcall function 00007FFE1323BA14: PySequence_GetItem.PYTHON311 ref: 00007FFE1323BAE8
                                  • Part of subcall function 00007FFE1323BA14: PySequence_GetItem.PYTHON311 ref: 00007FFE1323BAFF
                                  • Part of subcall function 00007FFE1323BA14: PyDict_Contains.PYTHON311 ref: 00007FFE1323BB27
                                  • Part of subcall function 00007FFE1323BA14: PyObject_SetAttr.PYTHON311 ref: 00007FFE1323BB3C
                                  • Part of subcall function 00007FFE1323BA14: _Py_Dealloc.PYTHON311 ref: 00007FFE1323BB4D
                                  • Part of subcall function 00007FFE1323BA14: _Py_Dealloc.PYTHON311 ref: 00007FFE1323BB5C
                                  • Part of subcall function 00007FFE1323BA14: PyErr_Format.PYTHON311 ref: 00007FFE1323BB97
                                  • Part of subcall function 00007FFE1323BA14: _Py_Dealloc.PYTHON311 ref: 00007FFE1323BBA6
                                  • Part of subcall function 00007FFE1323BA14: _Py_Dealloc.PYTHON311 ref: 00007FFE1323BBC0
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Item$Dict_Err_Sequence_$AttrContainsErrorFormatObject_OccurredWith
                                • String ID: duplicate values for field %R
                                • API String ID: 1919794741-1910533534
                                • Opcode ID: f71277947be2d2287fba46fe0b915e6ba484f6932f6352b1fb4de12eb2f3b1be
                                • Instruction ID: 26daa5a867ff13c6f972fa5cb1bda712affc1d37a0f6a368d718297f16080a0a
                                • Opcode Fuzzy Hash: f71277947be2d2287fba46fe0b915e6ba484f6932f6352b1fb4de12eb2f3b1be
                                • Instruction Fuzzy Hash: 15517D21A09E4689EE54EF27A954179A795BFE9BF4F0442B5CD1E277B4EE3CE042C300
                                Function 00007FFE1323D0A8 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 123threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Free$String$Eval_Thread$BuildDeallocErr_ErrorFromInfoLocalObjectProgRestoreSaveValue
                                • String ID: iu(uuuiu)
                                • API String ID: 2817777535-1877708109
                                • Opcode ID: f3fff332be11df24bb43f445367687364f99778bf223ac6a64006d9486d4d9c8
                                • Instruction ID: 12522645fffd9e3ce3ef61e42036d0dd8cccb837e156f98ad5fa1ae5f89a14e0
                                • Opcode Fuzzy Hash: f3fff332be11df24bb43f445367687364f99778bf223ac6a64006d9486d4d9c8
                                • Instruction Fuzzy Hash: 5351C666B05E05DAEB00AF66D4943AC6370FB98FA9F008566DE0E67B68DE3CD549C340
                                Function 00007FFE132394A0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 117COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$CheckIndex_Number_OccurredSsize_tString
                                • String ID: Array does not support item deletion$Can only assign sequence of same size$indices must be integer
                                • API String ID: 428023279-3643249925
                                • Opcode ID: 67ecbcca89311aff2d866ea192ce1f612227fb21c186869f9d79deb68ba184de
                                • Instruction ID: 7e87bd3f354feda81fd851a8022861ef6df36aee349a5c19b48e7a237520f3cc
                                • Opcode Fuzzy Hash: 67ecbcca89311aff2d866ea192ce1f612227fb21c186869f9d79deb68ba184de
                                • Instruction Fuzzy Hash: 74419062B09E42C9EE44AF27D8402B59361BFA9BF4B044571DD1D677B5EE3CE485C700
                                Function 00007FFE132340BC Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 108COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$AttrObject_$FastLookupSequence_
                                • String ID: '%U' is specified in _anonymous_ but not in _fields_$_anonymous_ must be a sequence
                                • API String ID: 1391743325-2678605723
                                • Opcode ID: 7250101b7d384b3603d10181ac32ac0acd4c5aaae793a49ebea8f6d5bde9a43b
                                • Instruction ID: e1026f84abd90395f7d5b6d84839e6d8567f4a1b928b1d22f11b2430150126b4
                                • Opcode Fuzzy Hash: 7250101b7d384b3603d10181ac32ac0acd4c5aaae793a49ebea8f6d5bde9a43b
                                • Instruction Fuzzy Hash: 68414131A09E02C9EA59AF27E950178A7A0FBE8BB0F0445B1DE5E672B0CF7CE455C300
                                Function 00007FFE132320E8 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 104COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Object_$DeallocErr_$AttrCallCheckClearInstanceLookupRecursiveStringUnicode_
                                • String ID: abstract class$while processing _as_parameter_$wrong type
                                • API String ID: 4206935778-1173273510
                                • Opcode ID: 961a10382abbd73e4d2a667dfe19ccb16767b9e8d8b3bad4ce0000eff4bf0ebe
                                • Instruction ID: 42f530d5a8febe3570b543090153cf008f2b4c451a8f85f1b304637e039ffbd3
                                • Opcode Fuzzy Hash: 961a10382abbd73e4d2a667dfe19ccb16767b9e8d8b3bad4ce0000eff4bf0ebe
                                • Instruction Fuzzy Hash: 1A412E22A08F42C9EA50AB2BE940179A760FBE9FA0F1481B1DA4D677B5DF7CE445C300
                                Function 00007FFE13232320 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Dict_ErrorItemOccurredWith$AttrLookupObject_$Callable_CheckLongLong_MaskSequence_StringTupleTuple_Unsigned
                                • String ID: _restype_ must be a type, a callable, or None$class must define _flags_ which must be an integer
                                • API String ID: 3087875697-2538317290
                                • Opcode ID: c02ca58e13a46a6ce0520458656b58573f0571ee4510cffb2fc4fd828f69ccf3
                                • Instruction ID: cde67432744300993460ceb0c85c74cb665fa1f94e6856817979ae872f86d12d
                                • Opcode Fuzzy Hash: c02ca58e13a46a6ce0520458656b58573f0571ee4510cffb2fc4fd828f69ccf3
                                • Instruction Fuzzy Hash: 82411021A09F42D9EA55AB27E940378A3A0FFA9B64F449175DA4D673B0EF3CE494C310
                                Function 00007FFE11ED3EA0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 89COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: BuildSizeValue_
                                • String ID: OiII$Unknown Bluetooth protocol$iy#
                                • API String ID: 1740464280-1931379703
                                • Opcode ID: 811c50eada70b53de2986ccdbf135792e8a7c51667e22f96ce3885f6766bbc49
                                • Instruction ID: 8f2f3aa4e6cb1310ee9ab97ffbb0ea7cef9e657db196f22ac8f1a3f1c018a901
                                • Opcode Fuzzy Hash: 811c50eada70b53de2986ccdbf135792e8a7c51667e22f96ce3885f6766bbc49
                                • Instruction Fuzzy Hash: 08316E65A0CE5281EF248B97ED4147AA3B8BF44BA4B4460B5CE8D47BB4DF3CE495C300
                                Function 00007FFE1323DEDC Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 76COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$FormatMem_$Arg_CallocMemoryParseReallocStringTuplememcpy
                                • String ID: Memory cannot be resized because this object doesn't own it$On:resize$excepted ctypes instance$minimum size is %zd
                                • API String ID: 2473355626-828838525
                                • Opcode ID: f25097e4f29e0a836fc8ce735c340e9b52c9a2e89e2e7b96c33704ef34719194
                                • Instruction ID: e065fb18302989824d329fea47990e8a4cf6ce3c15b5cefb0a6ba733dd4c4ed9
                                • Opcode Fuzzy Hash: f25097e4f29e0a836fc8ce735c340e9b52c9a2e89e2e7b96c33704ef34719194
                                • Instruction Fuzzy Hash: A4310D61A09F42C9EA54AB57E4A0179A370FFE8BA4F5040B2DE0E67774DF2CE494C300
                                Function 00007FFE1330AC40 Relevance: 19.9, APIs: 13, Instructions: 361COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID:
                                • API String ID: 2943138195-0
                                • Opcode ID: b0c5aa40c95afe9820d08c2b3a0b3f0a0bd29e174dcc6565612d28bd398cd5cc
                                • Instruction ID: e0162b904e1511f7d83bf74f4981a89ab6610de3c9f55feb937bbd1fdf18c288
                                • Opcode Fuzzy Hash: b0c5aa40c95afe9820d08c2b3a0b3f0a0bd29e174dcc6565612d28bd398cd5cc
                                • Instruction Fuzzy Hash: 24F19D76B08A829EF711DFA6E4901FC37B0AB2435CB404171EA6D67BAACF38D555C348
                                Function 00007FFE132328F0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 197COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: LongLong_MaskTuple_Unsigned
                                • String ID: %s 'out' parameter must be passed as default value$NULL stgdict unexpected$call takes exactly %d arguments (%zd given)$paramflag %u not yet implemented
                                • API String ID: 1136903700-2588965191
                                • Opcode ID: 91dd6e13f2742febeda4ec11071149d11ba9fea3fb7657fd2f121691aebacfe3
                                • Instruction ID: 3f9fe57308e7db08c08f61d7903da075a92b2ce0d043b32f6d07816c3e02518a
                                • Opcode Fuzzy Hash: 91dd6e13f2742febeda4ec11071149d11ba9fea3fb7657fd2f121691aebacfe3
                                • Instruction Fuzzy Hash: 51813B62A09F82C9EA60EF1BE440679A7A4FBE9BA4F114075DE4D63764DF3CE440C700
                                Function 00007FFE1323AA7C Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 165COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_String
                                • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance$not a ctype instance
                                • API String ID: 1450464846-2159251832
                                • Opcode ID: 07203d23819d05828f358a56c03890258eda92ffb1c002cf2859f9f66371a8e9
                                • Instruction ID: d239d6b3a3e217ac91b48ea43f359e84112d9c3a9eb4e2b8a40df8daa08c7306
                                • Opcode Fuzzy Hash: 07203d23819d05828f358a56c03890258eda92ffb1c002cf2859f9f66371a8e9
                                • Instruction Fuzzy Hash: E3712961E08F468AFA10AB17E5501B9A761AFE9FE0F4484B2DE0D677B9DF2CE441C340
                                Function 00007FFE1323AEA0 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 145COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_Err_ParseSizeTuple_$FormatString
                                • String ID: abstract class$is|Oz#$i|OO$paramflag value %d not supported$paramflags must be a sequence of (int [,string [,value]]) tuples$paramflags must be a tuple or None$paramflags must have the same length as argtypes
                                • API String ID: 2189051491-1121734848
                                • Opcode ID: 3d6b330cc5c9dd7f19e068a29130591e5b204b1fdfc58b1c50816dd1f366be30
                                • Instruction ID: e34f07b0c8648f8a93af70999680504e3488d4654ccfedc446ee0ba4e177641e
                                • Opcode Fuzzy Hash: 3d6b330cc5c9dd7f19e068a29130591e5b204b1fdfc58b1c50816dd1f366be30
                                • Instruction Fuzzy Hash: 68613C72B08F1288EB44EF16E8442B8A7A4FB99BA4F544076DE0D67764DF3DE585C300
                                Function 00007FFE126E04B0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 131threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Arg_FormatKeywords_ModuleParseSizeStateStringThread_allocate_lockThread_free_lockTupleType_
                                • String ID: Cannot specify both preset and filter chain$Integrity checks are only supported by FORMAT_XZ$Invalid container format: %d$Unable to allocate lock$|iiOO:LZMACompressor
                                • API String ID: 3029081906-3984722346
                                • Opcode ID: a85dfa0caef02f5d1262db6792c50105c158a8d2907956ca3886de8a71d101bb
                                • Instruction ID: 5700aec145aa4e070901480b52dc15551ff430af254a3b6d21570eecf5949e4b
                                • Opcode Fuzzy Hash: a85dfa0caef02f5d1262db6792c50105c158a8d2907956ca3886de8a71d101bb
                                • Instruction Fuzzy Hash: 1F513B72A18F5289EB60CF16E8805B933A4FB447A4F500576DA4E23BB4DFBCE545C740
                                Function 00007FFE126DFEE4 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 95COMMON
                                Download Yara Rule
                                APIs
                                • PyMapping_Check.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126DFF09
                                • PyMapping_GetItemString.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126DFF23
                                • PyLong_AsUnsignedLongLong.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126DFF38
                                • PyErr_Occurred.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126DFF4B
                                • PyErr_ExceptionMatches.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126DFFC4
                                • PyErr_Format.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126E000D
                                • PyErr_SetString.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126E0026
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126E5792
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$LongMapping_String$CheckDeallocExceptionFormatItemLong_MatchesOccurredUnsigned
                                • String ID: Filter specifier must be a dict or dict-like object$Filter specifier must have an "id" entry$Invalid filter ID: %llu
                                • API String ID: 1881886752-3390802605
                                • Opcode ID: fcfbfba1aca14bbd9b1035f1a0f2207022cda25b4669bd02a2ebdaa53899dbf4
                                • Instruction ID: e742cc40cf0afb0255accf3334197b5dcdcb75325f6d5a38b3c13b11bb85511c
                                • Opcode Fuzzy Hash: fcfbfba1aca14bbd9b1035f1a0f2207022cda25b4669bd02a2ebdaa53899dbf4
                                • Instruction Fuzzy Hash: 3441D031A09E4B86EA64CF17AC9417963A0EF46BA0F4440B5DA8E577F4DEBCE894C341
                                Function 00007FFE12E11210 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 78threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918791017.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                • Associated: 00000002.00000002.2918770170.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918811061.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918832818.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918854151.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe12e10000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Eval_Long_OccurredThread$Arg_BeepKeywordsRestoreSaveStringUnpack
                                • String ID: Failed to beep$frequency must be in 37 thru 32767
                                • API String ID: 1885396276-3315544472
                                • Opcode ID: fa0dd7b857e3162ada972fc434560007a68a0468454579e2afceb8c3c9681c13
                                • Instruction ID: adfe646163763e046933e9fbd34fac2bc3e23c8a7f4d8478c3ebb2dc4ecb8c7d
                                • Opcode Fuzzy Hash: fa0dd7b857e3162ada972fc434560007a68a0468454579e2afceb8c3c9681c13
                                • Instruction Fuzzy Hash: 99313061F08E4282EF168B26EC4413A63A1FF58BA4F5401B9DA4D47774DFBCE445E712
                                Function 00007FFE11ED6A48 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 73COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_AuditErr_FreeMem_ParseSizeStringSys_Tuple_
                                • String ID: et:gethostbyaddr$idna$socket.gethostbyaddr$unsupported address family
                                • API String ID: 1738687268-1751716127
                                • Opcode ID: 21981c606748fb82564060e3f010e4e740aac59376a10161e0d402e5c7a175be
                                • Instruction ID: c7caf61540cd3e34e453faf117a76e6d304cbd7328b98e6decb99159ecc0270b
                                • Opcode Fuzzy Hash: 21981c606748fb82564060e3f010e4e740aac59376a10161e0d402e5c7a175be
                                • Instruction Fuzzy Hash: B9312121B18E8281EF609B97FD507BB6369FB88BD4F442076DA4E47674DE3CE5448700
                                Function 00007FFE11ED5BA4 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_Release$Size$Arg_BuildDeallocErr_Keywords_ParseStringTupleValue_
                                • String ID: nbytes is greater than the length of the buffer$negative buffersize in recvfrom_into$w*|ni:recvfrom_into
                                • API String ID: 252658603-4033050226
                                • Opcode ID: 9779a835a3d373f1e00e4f9253419f8f93039c6076db6d831e5c5cfbf06e46d8
                                • Instruction ID: 9ef16ef268a0b627d09c83f92a10fb23f538274bcd1a95b6f69f6b61b146e54f
                                • Opcode Fuzzy Hash: 9779a835a3d373f1e00e4f9253419f8f93039c6076db6d831e5c5cfbf06e46d8
                                • Instruction Fuzzy Hash: 86313B71A09F4281EF148B92EC446BA7378FF99BA4F40267ADA8D47664DF3DE548C700
                                Function 00007FFE126DF9FC Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 67COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_Buffer_Long$ArgumentBufferCheckContiguousErr_Long_Module_Object_OccurredPositionalReleaseStateUnsignedfreememset
                                • String ID: _decode_filter_properties$argument 2$contiguous buffer
                                • API String ID: 3656606796-2431706548
                                • Opcode ID: ffa6f8af273f795eb267c21f1bf6000641d5ae67439a623b64a6b345da5f9bd0
                                • Instruction ID: 7317ba77f05bd161702f5d3dff2e4918dd8132f2790465386cdf1598195f8a25
                                • Opcode Fuzzy Hash: ffa6f8af273f795eb267c21f1bf6000641d5ae67439a623b64a6b345da5f9bd0
                                • Instruction Fuzzy Hash: 28315E21A08E4BC6EA10CB13DC445A96360FF44F94F9880B1CA4D576B4DFBCE949C740
                                Function 00007FFE126D84B4 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 60COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$MemoryString
                                • String ID: Corrupt input data$Input format not supported by decoder$Insufficient buffer space$Internal error$Invalid or unsupported options$Memory usage limit exceeded$Unrecognized error from liblzma: %d$Unsupported integrity check
                                • API String ID: 60457842-2177155514
                                • Opcode ID: 63159c20350605781718367c401236f35e123d2d938f6c99af5e56eb7ef0a9b8
                                • Instruction ID: 8295fff1a68c4c2979f6a2a9a1046fb275fbe968b097210b2b688fe8afb4781f
                                • Opcode Fuzzy Hash: 63159c20350605781718367c401236f35e123d2d938f6c99af5e56eb7ef0a9b8
                                • Instruction Fuzzy Hash: C9213071E2CE1F93EAA8872B9C5C0781291EF56770F6450F5C58E015F8EEEEF9469204
                                Function 00007FFE11ED7080 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 44threadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Arg_AuditErr_FromLongLong_ParseRestoreSaveSizeStringSys_Tuple_getservbynamehtons
                                • String ID: service/proto not found$socket.getservbyname$s|s:getservbyname
                                • API String ID: 1135235387-1257235949
                                • Opcode ID: 50c410380efebb145164b2a6ee2d31ff3aa59654f6791e367b31230d43ed6af4
                                • Instruction ID: c94afea914a7216deeaa3b94184a7c1549b84e56a893cfe3c151571694eb678c
                                • Opcode Fuzzy Hash: 50c410380efebb145164b2a6ee2d31ff3aa59654f6791e367b31230d43ed6af4
                                • Instruction Fuzzy Hash: AE111A21A08E4282DF008BA3ED4067B63B9FB48BE5F442075DA8E43678DF3CE4488700
                                Function 00007FFE13302F14 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 314COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                • String ID: csm$csm$csm
                                • API String ID: 4223619315-393685449
                                • Opcode ID: 1fea5c564d133bdba3aecb898f1e2b7bc476544beebca211cb7a23793dbe9004
                                • Instruction ID: c630fb3ad157584dd759471e2564d0200c1ddb4d60426b0e87a1f27dbb105cad
                                • Opcode Fuzzy Hash: 1fea5c564d133bdba3aecb898f1e2b7bc476544beebca211cb7a23793dbe9004
                                • Instruction Fuzzy Hash: 7EE18332A08F418AEB209F66D4402AE77A4FB657B8F140175DEAD67B69CF38E584C704
                                Function 00007FFE1330E72C Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 192COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Replicator::operator[]
                                • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                • API String ID: 3676697650-3207858774
                                • Opcode ID: ecd4a8ae6d7230611fff1dd4e64a59f99909a897cce7822f33257ee1ddf9a1a8
                                • Instruction ID: ac212884ec190afb2bc7d160dcb76d3a7dc3567689b62556e57b5811ed21911e
                                • Opcode Fuzzy Hash: ecd4a8ae6d7230611fff1dd4e64a59f99909a897cce7822f33257ee1ddf9a1a8
                                • Instruction Fuzzy Hash: 4A91AE32B08E468DFB518F26D4802BC77A0AB64B64F4445B2DAAD237B6DF3CE545C358
                                Function 00007FFE11ED4D64 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Bytes_FromSizegetsockopt$Arg_DeallocLongLong_ParseResizeStringTuple_
                                • String ID: getsockopt buflen out of range$ii|i:getsockopt
                                • API String ID: 3532181676-2750947780
                                • Opcode ID: 15b8bcdde415823467fdb4a0ed8eec2ce9c2fd89354c765c19f8db92f5921497
                                • Instruction ID: df7a544d1726ae87f1b0d85e306d9ef4c6b05331fb80a6a5617712aae5ac622d
                                • Opcode Fuzzy Hash: 15b8bcdde415823467fdb4a0ed8eec2ce9c2fd89354c765c19f8db92f5921497
                                • Instruction Fuzzy Hash: C3310C32A1CE46D7EF14CBA6E84456B73A8FB84B64B502175EA4E47A78DF3CD505CB00
                                Function 00007FFE1323AD18 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Arg_AttrDict_Err_FormatObject_ParseSizeStringTuple_Updatememcpy
                                • String ID: %.200s.__dict__ must be a dictionary, not %.200s$O!s#$__dict__
                                • API String ID: 111561578-4068157617
                                • Opcode ID: df2c1ae6872be876c0abca8e9306c520b908d31e559ab2d333eeb8cb4e17a471
                                • Instruction ID: 63257cf266dc211a342427cb534f10754431af3668e12a83b70977d2734605ad
                                • Opcode Fuzzy Hash: df2c1ae6872be876c0abca8e9306c520b908d31e559ab2d333eeb8cb4e17a471
                                • Instruction Fuzzy Hash: 17310962A08F46CAEB40AF57E8440B8B3A0FBA9BB4B544176DE1D27764DF3CE494C700
                                Function 00007FFE11ED5844 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 58COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_Release$Arg_Err_FromKeywords_Long_ParseSizeSsize_tStringTuple
                                • String ID: buffer too small for requested bytes$negative buffersize in recv_into$w*|ni:recv_into
                                • API String ID: 1544103690-1758107600
                                • Opcode ID: 4cd52dd9801ced5f390c235a0164f2c18d4f816f4ec9513556e453f9d8d8963f
                                • Instruction ID: 0e8c16562aaa14df67fd2bcaf3985e1f95d734727a41efb4134ac1b86aea041d
                                • Opcode Fuzzy Hash: 4cd52dd9801ced5f390c235a0164f2c18d4f816f4ec9513556e453f9d8d8963f
                                • Instruction Fuzzy Hash: 1C212875A08F4281EF108B92EC046BAB378FF997A4F80217ADA5E43664DF3DE548C700
                                Function 00007FFE11ED22A0 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 349153199-0
                                • Opcode ID: 9bbd730a66e4cbb51c460212e6bb78fa7447f27bb902fb331a2f3e6d0f89718b
                                • Instruction ID: 8c8afac7f2f9966fd6b01ed3f10c9ced28c1e0148482e636e4c2f1511eba52ea
                                • Opcode Fuzzy Hash: 9bbd730a66e4cbb51c460212e6bb78fa7447f27bb902fb331a2f3e6d0f89718b
                                • Instruction Fuzzy Hash: CF81D121E0CE4386FF50ABE79C5127B66A8AF857B0F4461B5E90D473B6DE3CE8428300
                                Function 00007FFE148E49C0 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919452825.00007FFE148E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148E0000, based on PE: true
                                • Associated: 00000002.00000002.2919431632.00007FFE148E0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919474473.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                • Associated: 00000002.00000002.2919496030.00007FFE148E9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe148e0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 349153199-0
                                • Opcode ID: 41c1564c9b53542f78ee4fe0cba140d0622bb491acb40784f16a44f8e3da4176
                                • Instruction ID: d5254ae3607090c9aa9922ae9212d133439971e0e1d35b8b25af296d4648a1ef
                                • Opcode Fuzzy Hash: 41c1564c9b53542f78ee4fe0cba140d0622bb491acb40784f16a44f8e3da4176
                                • Instruction Fuzzy Hash: 2F81B520E0CE0386F650AB9B98C1279E290AF87BA4F4441B5FA0D777B7DE3CE44D8610
                                Function 00007FFE12E11A70 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918791017.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                • Associated: 00000002.00000002.2918770170.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918811061.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918832818.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918854151.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe12e10000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 349153199-0
                                • Opcode ID: 4c7286561309a84741cd185bb8b4c6dc722a4c5b797d13e239f639b5e8667d14
                                • Instruction ID: 015f8d7c3c8301343e9b3f1c9338e1e1139d76ea8579545f2c328b0216dd152c
                                • Opcode Fuzzy Hash: 4c7286561309a84741cd185bb8b4c6dc722a4c5b797d13e239f639b5e8667d14
                                • Instruction Fuzzy Hash: 1181C460E08E4385FB579B27AC412BB2690AF457A0F4441BDD90D4B3B6EFBCE441A313
                                Function 00007FFE1321A32C Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 349153199-0
                                • Opcode ID: 94e1b7c85106b5dcadd5bf74e1c1f6267d6a35972fcb64925ed8eb6f2d0728e2
                                • Instruction ID: ad36105a5e58fcc0f3f34853ba2d59ca25d4202150e154bb1bbde4c642def6f0
                                • Opcode Fuzzy Hash: 94e1b7c85106b5dcadd5bf74e1c1f6267d6a35972fcb64925ed8eb6f2d0728e2
                                • Instruction Fuzzy Hash: 89819D21E0CE438EFA55BB67AA4127962E0AFE57A0F5440B5D90D633B7DE3CE946C700
                                Function 00007FFE126E3280 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 349153199-0
                                • Opcode ID: 7d1f750d6ed6eebe42ab4b621007f2d866bfd9b04e451078db0824699ad10e36
                                • Instruction ID: 9284dc7e4bc082a04bc17ca80c14d3c2ae8b103d28483f391d6cbac6096636bd
                                • Opcode Fuzzy Hash: 7d1f750d6ed6eebe42ab4b621007f2d866bfd9b04e451078db0824699ad10e36
                                • Instruction Fuzzy Hash: 0581B121E0CF8386FB50EB67AC412B96690AF857A0F0445B5DA4D877F6DFBCE8658700
                                Function 00007FFE13201190 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919006594.00007FFE13201000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE13200000, based on PE: true
                                • Associated: 00000002.00000002.2918985157.00007FFE13200000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919028562.00007FFE13203000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919051034.00007FFE13205000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919071014.00007FFE13206000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13200000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 349153199-0
                                • Opcode ID: 423331a2c39e25c209e8438f0d99a820b16d34edfd58e6d039228df5ef57337c
                                • Instruction ID: ea5f5ce08d2854118ad92ba3ab7b6b45c55898185253a55280eefe86acdd438e
                                • Opcode Fuzzy Hash: 423331a2c39e25c209e8438f0d99a820b16d34edfd58e6d039228df5ef57337c
                                • Instruction Fuzzy Hash: AC817C28E0CA438EF754BB67944127D6290AFE5BA0F2441B5EA0D677B6DE3CF84DC200
                                Function 00007FFE130C11D0 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918900135.00007FFE130C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                • Associated: 00000002.00000002.2918879267.00007FFE130C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918921952.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918942177.00007FFE130C5000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918963738.00007FFE130C6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe130c0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 349153199-0
                                • Opcode ID: 49741281be2100ec61cea02429068dcdc2aa4a812f9568a561c19d79723e8765
                                • Instruction ID: ab34759b4aa24c2423623864389a62f7f9a8fa0c1ae0b42b4c73f15bfe66fa42
                                • Opcode Fuzzy Hash: 49741281be2100ec61cea02429068dcdc2aa4a812f9568a561c19d79723e8765
                                • Instruction Fuzzy Hash: 3081C021E1CE438EFB58AB6794412B966D3AF657A0FD441F5DA0DA77B2DF3CE4058200
                                Function 00007FFE126D7DF8 Relevance: 16.6, APIs: 11, Instructions: 150COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Mem_memmove$Bytes_DeallocErr_FreeFromMallocNoneReallocSizeString
                                • String ID:
                                • API String ID: 1989285196-0
                                • Opcode ID: 83b457ee319b1d5a6bcaa1d8783c157d6077f1d684c2cf0630f850d114755d89
                                • Instruction ID: c4c0b0e7590f1d1410a816e9902f87978212b1022146567b35a1cce387e1d6a0
                                • Opcode Fuzzy Hash: 83b457ee319b1d5a6bcaa1d8783c157d6077f1d684c2cf0630f850d114755d89
                                • Instruction Fuzzy Hash: DC515B22A09F8A86EB65CF279C5023923A4FB54FA4F144475CE8D2B7B4DF7CE8528341
                                Function 00007FFE1323B680 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 142COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CallObjectObject_
                                • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance
                                • API String ID: 3040866976-3177377183
                                • Opcode ID: d8d30b96da88cef245048956aa11174a0505f3ed0a0a37e68dc2437735cc2005
                                • Instruction ID: 3bbc100253127f1bbcce42ebb5b51822fb16e1d55aaa136651968354253f97e2
                                • Opcode Fuzzy Hash: d8d30b96da88cef245048956aa11174a0505f3ed0a0a37e68dc2437735cc2005
                                • Instruction Fuzzy Hash: B7510765A08F4689EE54AF17A950279A761EFEAFE4F4840B2DE0D677B5DF2CE440C300
                                Function 00007FFE1330A4E8 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 126COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                • API String ID: 2943138195-1464470183
                                • Opcode ID: f2c82fd6e231fdf3051f437846c0782e2719a4821ee929760b6b2afc08469b6e
                                • Instruction ID: 2c5287d05a4fcbdd14783e1761337ab189a89c63789d172be5e89d3d6fa62882
                                • Opcode Fuzzy Hash: f2c82fd6e231fdf3051f437846c0782e2719a4821ee929760b6b2afc08469b6e
                                • Instruction Fuzzy Hash: 6C516A32E18E56CDFB10CBA6E8801FC27B0BB24368F504275DA6D63AB5DF29E546C704
                                Function 00007FFE132316B4 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 122COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Unicode_$ConcatDict_FromInternStringTuple_Update
                                • String ID: _be
                                • API String ID: 1858819020-4071763053
                                • Opcode ID: 10cbbb94ffeeef5047c8331b99db0bdcf7c3f3ec2fb3fe09a0319070b4712324
                                • Instruction ID: 66991379da71ca65cb75658f6a6e4a26f1bfe7b927cce92c2d20f3222e3bf84c
                                • Opcode Fuzzy Hash: 10cbbb94ffeeef5047c8331b99db0bdcf7c3f3ec2fb3fe09a0319070b4712324
                                • Instruction Fuzzy Hash: 78511C72A09F4689EB54AF26E940278B3B5FBA8FA0B188175CE4D17764DF3CE494C340
                                Function 00007FFE1323CE1C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 118COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE1323C4D0: _PyObject_GC_NewVar.PYTHON311(?,?,?,00007FFE1323CE4C,?,?,?,?,?,00007FFE13236CC2), ref: 00007FFE1323C4E7
                                  • Part of subcall function 00007FFE1323C4D0: memset.VCRUNTIME140(?,?,?,00007FFE1323CE4C,?,?,?,?,?,00007FFE13236CC2), ref: 00007FFE1323C534
                                  • Part of subcall function 00007FFE1323C4D0: PyObject_GC_Track.PYTHON311(?,?,?,00007FFE1323CE4C,?,?,?,?,?,00007FFE13236CC2), ref: 00007FFE1323C53C
                                • PyErr_NoMemory.PYTHON311(?,?,?,?,?,00007FFE13236CC2), ref: 00007FFE1323CE8C
                                • _Py_Dealloc.PYTHON311 ref: 00007FFE1323CFCD
                                  • Part of subcall function 00007FFE1323F698: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1323CE69,?,?,?,?,?,00007FFE13236CC2), ref: 00007FFE1323F6AD
                                  • Part of subcall function 00007FFE1323F698: VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1323CE69,?,?,?,?,?,00007FFE13236CC2), ref: 00007FFE1323F6ED
                                • ffi_prep_cif.LIBFFI-8 ref: 00007FFE1323CF4E
                                • PyErr_Format.PYTHON311 ref: 00007FFE1323CF6C
                                • ffi_prep_closure.LIBFFI-8 ref: 00007FFE1323CF86
                                • PyErr_SetString.PYTHON311 ref: 00007FFE1323CFBE
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Object_$AllocDeallocFormatInfoMemoryStringSystemTrackVirtualffi_prep_cifffi_prep_closurememset
                                • String ID: ffi_prep_cif failed with %d$ffi_prep_closure failed with %d$invalid result type for callback function
                                • API String ID: 262837356-3338905684
                                • Opcode ID: d5e79a3c8a6f2ae5980b289ff7b9deb079edb7f79e81270934b3751b0593511a
                                • Instruction ID: 81861391f167de0ba28b1c1aa757ad36809f5a7ddf1fd8c5cb2ea05a7b1a2593
                                • Opcode Fuzzy Hash: d5e79a3c8a6f2ae5980b289ff7b9deb079edb7f79e81270934b3751b0593511a
                                • Instruction Fuzzy Hash: AE510C31A09E52C9EB54EF27E440679A3A0FBA8BA4F144176DE4D67678CF3CE495C380
                                Function 00007FFE11ED5E1C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_Err_Release$Arg_CheckDeadline_ParseSignalsSizeStringTuple_
                                • String ID: timed out$y*|i:sendall
                                • API String ID: 1463051379-3431350491
                                • Opcode ID: 0233282a2e0e5b505cd3ce4dbfb0ae80f2fea130364450412f972856bf191ae2
                                • Instruction ID: 933632f211d681d9ced7179f5dcee39e9f2d772f8c8b8ca5f57fe996b66cf799
                                • Opcode Fuzzy Hash: 0233282a2e0e5b505cd3ce4dbfb0ae80f2fea130364450412f972856bf191ae2
                                • Instruction Fuzzy Hash: C141EA32A08E8685EB109F97EC406AB7368FB84BE4F546076DE4E47B69DF3CE5458700
                                Function 00007FFE11ED5934 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 68COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Bytes_DeallocSizeStringTuple_$Arg_Err_FromPackParseResize
                                • String ID: negative buffersize in recvfrom$n|i:recvfrom
                                • API String ID: 3092067012-1867657612
                                • Opcode ID: 1109addb0000dc4976cb9f45841f30f465119ce44644b453f1eae205618acd3f
                                • Instruction ID: 1b99bccfe20cebd67ea75b16114eb0e9581ecb0b1b1a05cce004fd988636cacb
                                • Opcode Fuzzy Hash: 1109addb0000dc4976cb9f45841f30f465119ce44644b453f1eae205618acd3f
                                • Instruction Fuzzy Hash: 02310A71A19F4281EF548B97E89056BA7B9FF88BE4F486075EA4E47678DE3CE0448700
                                Function 00007FFE1323E0F0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 63COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocObject_$Arg_AttrCallFromMethodParseTupleUnicode_Vectorcall
                                • String ID: OO!
                                • API String ID: 3012979734-3205451899
                                • Opcode ID: b86a9e6aec3d04f9dfe7387ee9b59cc105e28f1fb880d666b22fe7cdd29bfbaf
                                • Instruction ID: 2cf73fb61ed40a3c7218b358f06a5af70c43a0f2b7ae41dada008158d4913966
                                • Opcode Fuzzy Hash: b86a9e6aec3d04f9dfe7387ee9b59cc105e28f1fb880d666b22fe7cdd29bfbaf
                                • Instruction Fuzzy Hash: 99212D72A09F46C5EE44AB17A844579A3A0FFA8FA0F044075DD4E67774EE3CE848C700
                                Function 00007FFE1323E224 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 55memoryCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: String$Free$Err_Mem_$AllocCharFormatUnicode_Wide
                                • String ID: String too long for BSTR$unicode string expected instead of %s instance
                                • API String ID: 920172908-178309214
                                • Opcode ID: cf6aaef1cfa7e26ad3eb861eb924d9a3e9377ee2f3586ae237e535f2c803a6dc
                                • Instruction ID: 45e992d10ca7a053ce1cec7b17b72e8cb65eaf0bb8e0d9637e93bb78844d5faa
                                • Opcode Fuzzy Hash: cf6aaef1cfa7e26ad3eb861eb924d9a3e9377ee2f3586ae237e535f2c803a6dc
                                • Instruction Fuzzy Hash: 0A21E966A0DF42C9EA54AB53E854179A760BFE8BE0F1490B6DD0E63774DE3CE499C300
                                Function 00007FFE1323A080 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$DeallocString$Formatmemcpy
                                • String ID: byte string too long$bytes expected instead of %s instance$can't delete attribute
                                • API String ID: 1948958528-1866040848
                                • Opcode ID: fa96def4341ef930101010d25cc26409db7019c647d688fb077c539500109b12
                                • Instruction ID: 6486b3c8691bf7d82fb33c427f935acf0d769c0ca9d0de87be000998cfe9abec
                                • Opcode Fuzzy Hash: fa96def4341ef930101010d25cc26409db7019c647d688fb077c539500109b12
                                • Instruction Fuzzy Hash: E3211D61E08E42C9FB50AB17E940279A360FBE9FA4F149172CA4E676B5DF3CE485C301
                                Function 00007FFE11ED6C48 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 52threadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Arg_AuditFreeMem_ParseRestoreSaveSizeSys_Tuple_gethostbyname
                                • String ID: et:gethostbyname_ex$idna$socket.gethostbyname
                                • API String ID: 646687969-574663143
                                • Opcode ID: 91a3a09bb96c3ec567ad4bee7220103acfbdc48aa8aae966a13cdd727d66b018
                                • Instruction ID: 1e279fbe54de5715ef042d460b13b73abc768929b576e06f42c14ed6048458b3
                                • Opcode Fuzzy Hash: 91a3a09bb96c3ec567ad4bee7220103acfbdc48aa8aae966a13cdd727d66b018
                                • Instruction Fuzzy Hash: 0E211D21B09E8291EF609BA3FC447AB6364FB88BE4F402176D94E47675DE3CE144CB00
                                Function 00007FFE11ED77F0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Arg_ErrnoFromParseSizeStringTuple_inet_pton
                                • String ID: illegal IP address string passed to inet_pton$is:inet_pton$unknown address family
                                • API String ID: 907464-903159468
                                • Opcode ID: 76e364a5825f36d5229760115179826e02bb58eaa43d797573741c5185630340
                                • Instruction ID: ca3d3e1b05cef17113fbd2cdece99ba5c4fd45406128cc6300208301de602023
                                • Opcode Fuzzy Hash: 76e364a5825f36d5229760115179826e02bb58eaa43d797573741c5185630340
                                • Instruction Fuzzy Hash: 6321B965E18D8282EF50CB92EC5147B7769FB84B68B9060B6E54E47574DF3CE909C700
                                Function 00007FFE11ED4AD4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 40threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Eval_RestoreThread$ExceptionFetchMatchesResourceSaveUnraisableWarningWriteclosesocket
                                • String ID: unclosed %R
                                • API String ID: 1289403202-2306019038
                                • Opcode ID: 6ca4684e6c490ddef4b79f5831110087eb726c1f75fd13c900abb8b822a24d75
                                • Instruction ID: 23d63af6bcde46c32da5530d03d4555adf73d2fcd462c580b8a4e5d4f6a66d7c
                                • Opcode Fuzzy Hash: 6ca4684e6c490ddef4b79f5831110087eb726c1f75fd13c900abb8b822a24d75
                                • Instruction Fuzzy Hash: C511F821618E4281DF048BA3EC445AA6364FB95BB4F442375DE7E47AF8CE3CD4498340
                                Function 00007FFE13308BA4 Relevance: 15.2, APIs: 10, Instructions: 150COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID:
                                • API String ID: 2943138195-0
                                • Opcode ID: ea53d01b8add9f065da6da89440d1b5514e5cb284af6834d09ce1e9fb4639f71
                                • Instruction ID: 4fb6702be4ef589d090f8d6e914e0c1ad24f1bc27cbdc2c5117fae5eff8364d6
                                • Opcode Fuzzy Hash: ea53d01b8add9f065da6da89440d1b5514e5cb284af6834d09ce1e9fb4639f71
                                • Instruction Fuzzy Hash: 4B617C62F14B569CFB00DBA2D8801EC37B1BB247A8F404476DE6D2BAAADF78D545C344
                                Function 00007FFE13213360 Relevance: 15.1, APIs: 10, Instructions: 146COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Mem_memmove$Bytes_DeallocFromMallocReallocSizeString
                                • String ID:
                                • API String ID: 1285943476-0
                                • Opcode ID: b1532046c9828cc468a7a84711bf2d79d67f1a2fff2fc6f6c5e67236e34e6897
                                • Instruction ID: aa7442dbb63a33fc70764812f25e41d03f1affbd2775787daaf662b01687be56
                                • Opcode Fuzzy Hash: b1532046c9828cc468a7a84711bf2d79d67f1a2fff2fc6f6c5e67236e34e6897
                                • Instruction Fuzzy Hash: 22518E22A09F8289EB51AF27960423923A5FBA8FA4F1844B5CF4D27776DF3CE451D300
                                Function 00007FFE11ED6568 Relevance: 15.1, APIs: 10, Instructions: 59networkCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Long$Err_FromLong_Socketclosesocket$CurrentDuplicateHandleInformationOccurredProcessWindows
                                • String ID:
                                • API String ID: 3394293678-0
                                • Opcode ID: 0edd20fb7986b937f362815becdc3353667b1d2dbe2f27d78ce67fe63332d1ae
                                • Instruction ID: bf08a4047fd03c24075f352e70367ef6484655d9ce2dad808ea42599e9aa1e9c
                                • Opcode Fuzzy Hash: 0edd20fb7986b937f362815becdc3353667b1d2dbe2f27d78ce67fe63332d1ae
                                • Instruction Fuzzy Hash: CA214120A19E4281EF645BB3AC5877B6399AF48BB4F4427B5D86E067F4DF3CE4484A00
                                Function 00007FFE133033E0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 314COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                • String ID: csm$csm$csm
                                • API String ID: 211107550-393685449
                                • Opcode ID: 688fb15556d862c72de40c94a9225dad620afe04ad3ce9f2b8c9a53cb021efd3
                                • Instruction ID: 96335f6a6680165690cbadc37fdb56ba577f5686381f27bc54374ce2f68a165e
                                • Opcode Fuzzy Hash: 688fb15556d862c72de40c94a9225dad620afe04ad3ce9f2b8c9a53cb021efd3
                                • Instruction Fuzzy Hash: BAE1A172908B818EE7109F76D4803AE77A0FB65B78F100175DAAC67BA6CF38E585C704
                                Function 00007FFE1323BBE8 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 165COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc
                                • String ID: P$wrong type
                                • API String ID: 3617616757-281217272
                                • Opcode ID: e3327ad88a9a446218fbdf097499024a9865fdc2e91cfe0628b0646d4787f104
                                • Instruction ID: 91921855a4431e9c36808b8ec57441a58483e9ef92af606c2e46401b7903d151
                                • Opcode Fuzzy Hash: e3327ad88a9a446218fbdf097499024a9865fdc2e91cfe0628b0646d4787f104
                                • Instruction Fuzzy Hash: C4714021A09F46C8FA58AF17E850179A7A1AFE9BA0F4444B1CA0E677B5DF3CE940C340
                                Function 00007FFE13231ABC Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 128COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_ParseSizeTuple_$Err_Long_StringVoid$AttrAuditCallable_CheckObject_OccurredSequence_Sys_Tuple
                                • String ID: argument must be callable or integer function address$cannot construct instance of this class: no argtypes
                                • API String ID: 2570622991-2742191083
                                • Opcode ID: 540973c798f55e8bddb45151d9b86c5f877ff1e98a5e2c5b0f3278a9c8d95e1e
                                • Instruction ID: e52fa847a6f11a148b480de4e9f237b7aa54731edd4cf67ef3dfb0933d2272da
                                • Opcode Fuzzy Hash: 540973c798f55e8bddb45151d9b86c5f877ff1e98a5e2c5b0f3278a9c8d95e1e
                                • Instruction Fuzzy Hash: 53513C21A09F4289EA64BB179584279A7A5EFE9FF0F1444B1DE0E277B5EF2CE441C300
                                Function 00007FFE13211FFC Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 119COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: __acrt_iob_func
                                • String ID: %d work, %d block, ratio %5.2f$ too repetitive; using fallback sorting algorithm$VUUU
                                • API String ID: 711238415-2988393112
                                • Opcode ID: 9108c4c4e2d6d5df63023b1ab5f74cbde5b98f3dbb4d4334f7fd8b373665a9e5
                                • Instruction ID: 719a1bf8f0c8ca40772a386e4da6104bc30aef7946a45f045d688982b9167d11
                                • Opcode Fuzzy Hash: 9108c4c4e2d6d5df63023b1ab5f74cbde5b98f3dbb4d4334f7fd8b373665a9e5
                                • Instruction Fuzzy Hash: E841B372A08F418BE714AF26954517977A4FBE9BA4F100276DE0E637B6DF3DE442C600
                                Function 00007FFE1330C1D8 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 111COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                • API String ID: 2943138195-2239912363
                                • Opcode ID: e6d89d71e33ac373f0738e0b515b9d7d47b180a069a0d86b59b00a9470073de2
                                • Instruction ID: 672668a62cab001d9cb358a0d2a47066a5571d6c6d26e2e3de0d0ecbdc4fcd2b
                                • Opcode Fuzzy Hash: e6d89d71e33ac373f0738e0b515b9d7d47b180a069a0d86b59b00a9470073de2
                                • Instruction Fuzzy Hash: 02515E62E18F458CFF118BA2D8412BC77B4BB28724F4441B5DA6D26A76DF3C9144C718
                                Function 00007FFE130C25C8 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 95COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918900135.00007FFE130C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                • Associated: 00000002.00000002.2918879267.00007FFE130C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918921952.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918942177.00007FFE130C5000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918963738.00007FFE130C6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe130c0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$DescriptorErr_FastFileObject_Sequence_String
                                • String ID: arguments 1-3 must be sequences$too many file descriptors in select()
                                • API String ID: 3320488554-3996108163
                                • Opcode ID: 05e470237c1967013c16db83c877e5144c843c525c657350500e77854bb128da
                                • Instruction ID: 897d4a1924f98709312bba0c75f7e7565735dc8aaa4f8fe449576fd6daa43a8f
                                • Opcode Fuzzy Hash: 05e470237c1967013c16db83c877e5144c843c525c657350500e77854bb128da
                                • Instruction Fuzzy Hash: 08417C32619F018AEA108F1AE94413977AAFBA4BB4F4042F5DE6E53BA4DF3CE454C300
                                Function 00007FFE13232600 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 84COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CallDeallocObject_$FromFunctionLongLong_Traceback_
                                • String ID: GetResult$_ctypes/callproc.c
                                • API String ID: 2301701745-4166898048
                                • Opcode ID: 6b14f494761338040cbc18ac8ef32615b91be7de93a4bad4d1a784e7f6cbc817
                                • Instruction ID: 3d356988443be94609d9b1ebfd8a90c739c7ae1c9aa99d6b81c0cf3e5dab468e
                                • Opcode Fuzzy Hash: 6b14f494761338040cbc18ac8ef32615b91be7de93a4bad4d1a784e7f6cbc817
                                • Instruction Fuzzy Hash: 84311061A4DF42C9EE55BB1BE854179A2A0EFEDBA0F0854B4DE0E677B5DE2CE440C700
                                Function 00007FFE11ED3A8C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 83networkthreadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ErrorLast$CheckErr_Eval_SignalsThread$RestoreSaveconnect
                                • String ID: 3'
                                • API String ID: 1012362816-280543908
                                • Opcode ID: 4c2aaa0c3d8159640696ba06d8d00cbee7b06f13f29e807c9c1db9180f4fbb81
                                • Instruction ID: 344689f9168b1afde5285059e57600d1f6d7ad613ecc2f9c4763ac80ed66b05f
                                • Opcode Fuzzy Hash: 4c2aaa0c3d8159640696ba06d8d00cbee7b06f13f29e807c9c1db9180f4fbb81
                                • Instruction Fuzzy Hash: 21315061B0CF4286EF644FA7AC4467B6699AF54BA4F042179DA4F82BB5DE3CE8408700
                                Function 00007FFE13239D58 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                • PyObject_IsInstance.PYTHON311(?,?,00000000,00007FFE13236BCC), ref: 00007FFE13239D73
                                • PyObject_IsInstance.PYTHON311(?,?,00000000,00007FFE13236BCC), ref: 00007FFE13239DBB
                                • PyErr_Format.PYTHON311(?,?,00000000,00007FFE13236BCC), ref: 00007FFE13239E4D
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: InstanceObject_$Err_Format
                                • String ID: ???$expected %s instance instead of %s$expected %s instance instead of pointer to %s
                                • API String ID: 215623467-1082101171
                                • Opcode ID: c42a85ef290f4f7c7dec54bd01f908c692fe1a4d2cba32a0c83425372474c043
                                • Instruction ID: aa5c9f377fb77fe11b7984062ad0e74fe53446bc8c8fad87244c9ed1abc3b9e3
                                • Opcode Fuzzy Hash: c42a85ef290f4f7c7dec54bd01f908c692fe1a4d2cba32a0c83425372474c043
                                • Instruction Fuzzy Hash: 63313A21B09E4689EA54BF27D440279A361AFEAFA4B5480B2DA0D676B4DF2CE841C340
                                Function 00007FFE132138BC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: String$Bytes_Err_FromSizeThread_allocate_lockThread_free_lock
                                • String ID: Unable to allocate lock
                                • API String ID: 1127547223-3516605728
                                • Opcode ID: c17eff7bc98fcddad25fa0aa7e8872bdeafa31c641a1adeb9191edbd123e9819
                                • Instruction ID: 35e5c2d04937b06d8a239b3bb5536fed28d2f4e4bb22b9ec67143febcbb19724
                                • Opcode Fuzzy Hash: c17eff7bc98fcddad25fa0aa7e8872bdeafa31c641a1adeb9191edbd123e9819
                                • Instruction Fuzzy Hash: 21310822A08E46C9EB54BF32D64937823A1FFA4B68F1441B5CA4D566A6DF3CE445C340
                                Function 00007FFE1323D81C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$BuildDeallocFromLong_OccurredSsize_tStringTuple_Value
                                • String ID: not a ctypes type or object$siN
                                • API String ID: 1444022424-92050270
                                • Opcode ID: 26a9fcd1b49395e45c52150cf6bc8a8343daf74cdcd0b31558393dc906a49e26
                                • Instruction ID: f7a35f8da7cad6433066b733d5cc2c52fc9447fd745576f1b0f16cb59a330763
                                • Opcode Fuzzy Hash: 26a9fcd1b49395e45c52150cf6bc8a8343daf74cdcd0b31558393dc906a49e26
                                • Instruction Fuzzy Hash: 05210C25A09F42C9EA54AB27E540279A3A0FFE8BA4F0480B5DE4E67774DF2CE581C700
                                Function 00007FFE11ED7988 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49timeCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Time_$Err_FromSecondsString$MillisecondsObjectTimeval
                                • String ID: Timeout value out of range$timeout doesn't fit into C timeval
                                • API String ID: 4240314503-2798848688
                                • Opcode ID: f4a3403413d0b3d7c856c31cf8b7ba7531603333823162405e1bc3dc7e5ad81e
                                • Instruction ID: 74efc5d7a0e94155c39f9ebe72056ed133c36d72abcb33fe2d020597225aadea
                                • Opcode Fuzzy Hash: f4a3403413d0b3d7c856c31cf8b7ba7531603333823162405e1bc3dc7e5ad81e
                                • Instruction Fuzzy Hash: 2D112132A19E4282EF109BA7EC5057A2369EB84BB4F0562B5DA6D477B8DF3DE4458300
                                Function 00007FFE13212780 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                • String ID: argument$compress$contiguous buffer
                                • API String ID: 1731275941-2310704374
                                • Opcode ID: b138ca2d2723dab52cb10e3a74fac2df87b6dda8ec1f7609b2bdead44722ed7b
                                • Instruction ID: ef94ab6bb6ffa30c79b6bbc3f4f55b1674acac6c1d3a1720166c12b0114e7c14
                                • Opcode Fuzzy Hash: b138ca2d2723dab52cb10e3a74fac2df87b6dda8ec1f7609b2bdead44722ed7b
                                • Instruction Fuzzy Hash: 26118162A18F42D5EB10FB26EA402B96360FBE8F94F948171E94D63676DF3CE545C700
                                Function 00007FFE126D82D0 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                • String ID: argument$compress$contiguous buffer
                                • API String ID: 1731275941-2310704374
                                • Opcode ID: 811b6b6c904d654bd8e2517c08e358ce98dbe263f52e1ce30652c2761b631619
                                • Instruction ID: a3defc69a693415ba4973cd63026f01196f54a64fda1191af8cdada90f8512dc
                                • Opcode Fuzzy Hash: 811b6b6c904d654bd8e2517c08e358ce98dbe263f52e1ce30652c2761b631619
                                • Instruction Fuzzy Hash: 8A116321B08E46D2EB10CB27EC442B96361FB88BD4F9441B1D94D536B4DFBCD94AC740
                                Function 00007FFE13239FEC Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 37COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_Err_ReleaseString$BufferObject_memcpy
                                • String ID: byte string too long$cannot delete attribute
                                • API String ID: 1128862751-688604938
                                • Opcode ID: c0fad4b2d32ac0ab3663af02738014edb070c5b9f2759e00e789a8b2334ff090
                                • Instruction ID: 5646805b0dccb550ba20310278faefe50639b8a51c154a240c04ffbf831a3e02
                                • Opcode Fuzzy Hash: c0fad4b2d32ac0ab3663af02738014edb070c5b9f2759e00e789a8b2334ff090
                                • Instruction Fuzzy Hash: 22015E65B18D42C5EB10EB27E4401B8A360FFE8BB8F508172C95E676B4DF2DE589C700
                                Function 00007FFE11ED6FFC Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 32threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_getprotobyname
                                • String ID: protocol not found$s:getprotobyname
                                • API String ID: 862796068-630402058
                                • Opcode ID: a4d0f157e69161900fd295891aa016e7b70d442cf82c6e992c0432fa93d25ec1
                                • Instruction ID: 30056e4a04ad836486def093b879685d20be583b7bfd31ccbae8aac5ea47a3b6
                                • Opcode Fuzzy Hash: a4d0f157e69161900fd295891aa016e7b70d442cf82c6e992c0432fa93d25ec1
                                • Instruction Fuzzy Hash: 9A012C25A18E8282DF549B93ED9443B63A8FF88BE5F4424B5DA4E43678DF3CE454C700
                                Function 00007FFE11ED762C Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 29COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_ReleaseString$Arg_Err_FromParseSizeTuple_Unicode_inet_ntoa
                                • String ID: packed IP wrong length for inet_ntoa$y*:inet_ntoa
                                • API String ID: 1492101624-3027498899
                                • Opcode ID: ccab7d2a64d4296dd88b38da3c028862919155823b55703005afc4c29e9b2518
                                • Instruction ID: 1b603fe25e5dba9a0bfcc74d4a74f6e5af0515f694247e252cbf806d309b89a5
                                • Opcode Fuzzy Hash: ccab7d2a64d4296dd88b38da3c028862919155823b55703005afc4c29e9b2518
                                • Instruction Fuzzy Hash: 6201EC61A18E8282EF109F67EC5447A33A4FF88BA9B542175D94E43674DE3CE549C700
                                Function 00007FFE11ED75AC Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 29stringCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: SizeString$Arg_Bytes_Err_FromParseTuple_inet_addrstrcmp
                                • String ID: 255.255.255.255$illegal IP address string passed to inet_aton$s:inet_aton
                                • API String ID: 717551241-4110412280
                                • Opcode ID: b3f22b26161e9026f1be4ea104701ab941468ac977f48e4eaa3df88f05bedf50
                                • Instruction ID: 81d8a89319897fbb79ac82e6b37e01af3e75790e25be4a3177ad167a460ae081
                                • Opcode Fuzzy Hash: b3f22b26161e9026f1be4ea104701ab941468ac977f48e4eaa3df88f05bedf50
                                • Instruction Fuzzy Hash: 3C01ECA1A08D8382EF109BA7EC5057B6368EF857B5F9022B1D65E875B4DF3DE449C700
                                Function 00007FFE13235950 Relevance: 13.7, APIs: 9, Instructions: 230COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 349153199-0
                                • Opcode ID: 31b097c5beb5f15cde6c2b56eb33e70b4a1a94a0495c7f4a48947f332bb9daf1
                                • Instruction ID: b7a2bf2bb7b42b4a15315e29f55565876c0f24885c526e23f368815cf8fdbaee
                                • Opcode Fuzzy Hash: 31b097c5beb5f15cde6c2b56eb33e70b4a1a94a0495c7f4a48947f332bb9daf1
                                • Instruction Fuzzy Hash: 3B817C20E0CE43CEF660BB679481279A290AFE97B4F6484B5D94D677B6DE3CE845C700
                                Function 00007FFE11ED444C Relevance: 13.6, APIs: 9, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$ErrorFromLastLongclosesocket$CheckHandleInformationLong_SignalsStringWindowsmemset
                                • String ID:
                                • API String ID: 205095079-0
                                • Opcode ID: 49c354e606523974a3277e7978bdea3490ed1b4ba92528b3e4dfffad4a66567c
                                • Instruction ID: 3c53d0b985f5e96e6ecf201a0d43b578d89ec47521dd5c2e00659f5e807cb3a1
                                • Opcode Fuzzy Hash: 49c354e606523974a3277e7978bdea3490ed1b4ba92528b3e4dfffad4a66567c
                                • Instruction Fuzzy Hash: 8A41FF31608F8281EF649BA3A8402EB63A9FF99BA4F445175DA8D06F65DF3CE4448740
                                Function 00007FFE133061AA Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 162COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                • API String ID: 1852475696-928371585
                                • Opcode ID: ca6cf6770a5e62d56dc10247fecd8c14e7675c1b430a8679457d8e3be21ba961
                                • Instruction ID: 60b89c5b4db950587437fa484d28243e3418b4fd6c44ee35e55d94f1dc30879b
                                • Opcode Fuzzy Hash: ca6cf6770a5e62d56dc10247fecd8c14e7675c1b430a8679457d8e3be21ba961
                                • Instruction Fuzzy Hash: BB51D362A19E46CAEE20CB62E8401BD6360FF64BB4F604071DAAE27779DF3CE105D304
                                Function 00007FFE126E21E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94COMMON
                                Download Yara Rule
                                APIs
                                • PyBytes_FromStringAndSize.PYTHON311(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E222B
                                • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E226F
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E2286
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E22C8
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Bytes_FromSizeStringmemmove
                                • String ID: Unable to allocate output buffer.
                                • API String ID: 3327154725-2565006440
                                • Opcode ID: 3340458d321a08455f00bae92ea265ed81a2d6f26f0d373927cf6fde81a7c19e
                                • Instruction ID: 0b573a13ddc701a2f35f1de1d600c7c70fb9035a0a05d94435b28c2b68a1fbaf
                                • Opcode Fuzzy Hash: 3340458d321a08455f00bae92ea265ed81a2d6f26f0d373927cf6fde81a7c19e
                                • Instruction Fuzzy Hash: 993145B2A18E4689EB59CF13E88426D23A1FB48FE4F584472DE1D077A4CFB8E495C340
                                Function 00007FFE13306B5C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE13306D1B,?,?,00000000,00007FFE13306B4C,?,?,?,?,00007FFE13306885), ref: 00007FFE13306BE1
                                • GetLastError.KERNEL32(?,?,?,00007FFE13306D1B,?,?,00000000,00007FFE13306B4C,?,?,?,?,00007FFE13306885), ref: 00007FFE13306BEF
                                • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE13306D1B,?,?,00000000,00007FFE13306B4C,?,?,?,?,00007FFE13306885), ref: 00007FFE13306C08
                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE13306D1B,?,?,00000000,00007FFE13306B4C,?,?,?,?,00007FFE13306885), ref: 00007FFE13306C1A
                                • FreeLibrary.KERNEL32(?,?,?,00007FFE13306D1B,?,?,00000000,00007FFE13306B4C,?,?,?,?,00007FFE13306885), ref: 00007FFE13306C60
                                • GetProcAddress.KERNEL32(?,?,?,00007FFE13306D1B,?,?,00000000,00007FFE13306B4C,?,?,?,?,00007FFE13306885), ref: 00007FFE13306C6C
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                • String ID: api-ms-
                                • API String ID: 916704608-2084034818
                                • Opcode ID: 936032d40fa96b032ac86a2d89c5a398f87e2a2d839e469644f99c68bf1566a7
                                • Instruction ID: b59eddb25e14d76382b6555e5d46054a18ce861d2c265b77f92f34d69cde5d7e
                                • Opcode Fuzzy Hash: 936032d40fa96b032ac86a2d89c5a398f87e2a2d839e469644f99c68bf1566a7
                                • Instruction Fuzzy Hash: B331E621E1AF428AEE15DB0398005B86394FF68BB0F690575DD3D273A9DF3CE1448308
                                Function 00007FFE126DFB28 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                • PyDict_New.PYTHON311(?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126DFB35
                                  • Part of subcall function 00007FFE126DFC4C: PyLong_FromUnsignedLongLong.PYTHON311(?,?,?,00007FFE126DFB59,?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126DFC64
                                  • Part of subcall function 00007FFE126DFC4C: PyUnicode_InternFromString.PYTHON311(?,?,?,00007FFE126DFB59,?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126DFC75
                                  • Part of subcall function 00007FFE126DFC4C: PyDict_SetItem.PYTHON311(?,?,?,00007FFE126DFB59,?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126DFC90
                                • PyErr_Format.PYTHON311(?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126E56AC
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126E56BF
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dict_FromLong$DeallocErr_FormatInternItemLong_StringUnicode_Unsigned
                                • String ID: Invalid filter ID: %llu$dict_size$dist$start_offset
                                • API String ID: 1484310907-3368833446
                                • Opcode ID: 70732c878d185871e83d032ed88e66c35bf329b642db62c29c46d98ad4e53224
                                • Instruction ID: 9be66985447a4f30070e14c874f86142b83f3f92ad07efc47674cefb4da9db7a
                                • Opcode Fuzzy Hash: 70732c878d185871e83d032ed88e66c35bf329b642db62c29c46d98ad4e53224
                                • Instruction Fuzzy Hash: 46410E71A08E0B82EA64DB17ED8407823A0EF457B4B2455B1CA5D476F4EFBDF8B58B01
                                Function 00007FFE132321A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$CallDict_Err_MakeMallocMem_MemoryObject_Update
                                • String ID: X{}
                                • API String ID: 3445980372-2140212134
                                • Opcode ID: 3f2902342c13d165ca5a04ad6b751020229967bc3c101f7663baa985dba562bd
                                • Instruction ID: 837f06482a901d60afe593dd86166a143e237f13d0db3e4637973dc6eaa4d567
                                • Opcode Fuzzy Hash: 3f2902342c13d165ca5a04ad6b751020229967bc3c101f7663baa985dba562bd
                                • Instruction Fuzzy Hash: 3D313931A0CF41C9EB55AB66E944279A790ABE9FB0F5481B4DA4D237B5DF3CE454C300
                                Function 00007FFE13231860 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$AttrCallable_CheckErr_LookupObject_String
                                • String ID: restype must be a type, a callable, or None
                                • API String ID: 1528254987-4008198047
                                • Opcode ID: 6452f5985481fdf810af319e620606f51f1d816ac9bc74436ba4aa13f9c82220
                                • Instruction ID: c4539a4f19553cbc6b0c6071ac806eef8ae664ff653c9266cedd93b20eb5403a
                                • Opcode Fuzzy Hash: 6452f5985481fdf810af319e620606f51f1d816ac9bc74436ba4aa13f9c82220
                                • Instruction Fuzzy Hash: A9312321A09F42C9FA55AB27E954378A3A4FFA9BB4F148171CA4D666B4DF2CF445C300
                                Function 00007FFE1321C5F8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                • API String ID: 1563898963-3455802345
                                • Opcode ID: 9b026c52384d1bde9e7588ce781edc70c1283e8086e1dddbc8207b2c901252c2
                                • Instruction ID: c7c9f0486687995647f4bb25ffb19a325141cbf73dc55ff685a89743d2d1e75c
                                • Opcode Fuzzy Hash: 9b026c52384d1bde9e7588ce781edc70c1283e8086e1dddbc8207b2c901252c2
                                • Instruction Fuzzy Hash: 52318B25B19F92CAEE10EB17EA400396360FBE8BB4B145271DA6E537B6DF2DE441C300
                                Function 00007FFE126E5EEC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                • PyErr_SetString.PYTHON311(?,?,?,00007FFE126E4985,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E5F24
                                • PyBytes_FromStringAndSize.PYTHON311(?,?,?,00007FFE126E4985,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E5F87
                                • PyList_Append.PYTHON311(?,?,?,00007FFE126E4985,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E5F9B
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFE126E4985,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E5FBA
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFE126E4985,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E5FCD
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                • API String ID: 1563898963-3455802345
                                • Opcode ID: cbe592271475072bc7a09d1f0c1d61f6da7f6cbf7ffdeb96e40daee67cd9d93a
                                • Instruction ID: 6d7edcb88e90d5bb1188a234807f7468fd46987ca5bb5fdf6cba8df75780d8de
                                • Opcode Fuzzy Hash: cbe592271475072bc7a09d1f0c1d61f6da7f6cbf7ffdeb96e40daee67cd9d93a
                                • Instruction Fuzzy Hash: 89313621A19F4682EE14CB17E8941796360FF48BB4B1442B5EA6E477F4EFBCE4428741
                                Function 00007FFE13202594 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 61COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919006594.00007FFE13201000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE13200000, based on PE: true
                                • Associated: 00000002.00000002.2918985157.00007FFE13200000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919028562.00007FFE13203000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919051034.00007FFE13205000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919071014.00007FFE13206000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13200000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ModuleType_$Arg_$KeywordsPositional
                                • String ID: SimpleQueue
                                • API String ID: 4181285317-3395603730
                                • Opcode ID: d95f10c0e63c29ebf7223734b2b99d6cd48966227eee888d90296c3057f4ddec
                                • Instruction ID: fdcfa7f6928e9ff811913c22759d4b76803201f6adafee691a23c3e7217d859b
                                • Opcode Fuzzy Hash: d95f10c0e63c29ebf7223734b2b99d6cd48966227eee888d90296c3057f4ddec
                                • Instruction Fuzzy Hash: 9F215C62B08F42D9EA50AF17E45416D6761EBE9FA0F4840B2DA4D67334DF3CE459C300
                                Function 00007FFE1323B5AC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CharErr_Unicode_Wide$FormatString
                                • String ID: can't delete attribute$string too long$unicode string expected instead of %s instance
                                • API String ID: 530648689-1577475929
                                • Opcode ID: 54871f426e13d62f20164b13e72e16cb3eb4130456bf9d3dcc44f832ca140448
                                • Instruction ID: e7220c1f475abd03b2e3638e0dd82855283e54480c6bad73505151dec148a4d2
                                • Opcode Fuzzy Hash: 54871f426e13d62f20164b13e72e16cb3eb4130456bf9d3dcc44f832ca140448
                                • Instruction Fuzzy Hash: 77213761A08F42CAEB50EF16E480168A761BFE8FE0F5495B6DA1D27679DF2CE485C700
                                Function 00007FFE1323EBE4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Long$Long_MaskUnsigned
                                • String ID: _ctypes/cfield.c pymem$unicode string or integer address expected instead of %s instance
                                • API String ID: 1805849926-901310697
                                • Opcode ID: 2ce16603c6b5fb28991612c657e35fb793e2d5932663eadf79fd1512b973919a
                                • Instruction ID: 83cc485432bb1730451f298ebe141c36dcd89592bd88f6a18d8f2e1095229809
                                • Opcode Fuzzy Hash: 2ce16603c6b5fb28991612c657e35fb793e2d5932663eadf79fd1512b973919a
                                • Instruction Fuzzy Hash: 4B110062A09F42C9EA44AF17E85427CA770BBECBA4F549475D90E27774EE3CE498C300
                                Function 00007FFE132137BC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 48threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lockmemmove
                                • String ID: End of stream already reached
                                • API String ID: 4192957916-3466344095
                                • Opcode ID: 9d24e192cd5e41aae34a11841e36e0bc5166bdf8702469d9357772ef0d70671f
                                • Instruction ID: 2c4ad27f7db690bb0be4d68017530b5dfe8dc96f81f04dd0299e6f887d6867e3
                                • Opcode Fuzzy Hash: 9d24e192cd5e41aae34a11841e36e0bc5166bdf8702469d9357772ef0d70671f
                                • Instruction Fuzzy Hash: F8111962A08E91C9EA14EB23EA442796765FBD8FD4F0940B1DE1E63726CF3CE455C300
                                Function 00007FFE126D93EC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 48threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lock
                                • String ID: Already at end of stream
                                • API String ID: 2195683152-1334556646
                                • Opcode ID: ce52f92500c6fe885da052b533f645c54f41b536900bc0c8152ba928d3c04985
                                • Instruction ID: 320c0f284ea064d3a9fc3b663bac6e141a54abcfbf7bb0eb09f2ac4b134d6bbd
                                • Opcode Fuzzy Hash: ce52f92500c6fe885da052b533f645c54f41b536900bc0c8152ba928d3c04985
                                • Instruction Fuzzy Hash: CF112821A08E86C6EA54DB63EC441A96765FB88FE0F0840B2DE5E577B5CFBCE455C340
                                Function 00007FFE11ED56E0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Bytes_SizeString$Arg_DeallocErr_FromParseResizeTuple_
                                • String ID: negative buffersize in recv$n|i:recv
                                • API String ID: 1342606314-3647384195
                                • Opcode ID: 0f2e265d39f511016bcec70da8533312cc5300a70e45771693c718f9922707e5
                                • Instruction ID: a276ab392dc457ff1b604ca02af233bbea72456e9085fb6bd3c42982abaf6faf
                                • Opcode Fuzzy Hash: 0f2e265d39f511016bcec70da8533312cc5300a70e45771693c718f9922707e5
                                • Instruction Fuzzy Hash: 40113765A08E42C1EF248B92EC5057BA3B8FF84BB4F542176E98D47674EE7CE049CB00
                                Function 00007FFE132126EC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 44threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lock
                                • String ID: Compressor has been flushed
                                • API String ID: 1906554297-3904734015
                                • Opcode ID: 4f10c9a98a270c81542dec47670a47e5c1056ddde1cac534f6d7ef28f75aec1e
                                • Instruction ID: 5c2386e8c67482d3aecbd4389ce8ebad94d30ec4a4404aedac4bffffe303f6a7
                                • Opcode Fuzzy Hash: 4f10c9a98a270c81542dec47670a47e5c1056ddde1cac534f6d7ef28f75aec1e
                                • Instruction Fuzzy Hash: CD111971A08E52C9EB50EB13AA4417A6364FBD9FE0B044471DE1D63B26CF3CE456C340
                                Function 00007FFE126D8E10 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 44threadCOMMON
                                Download Yara Rule
                                APIs
                                • PyThread_acquire_lock.PYTHON311(?,?,?,00007FFE126D8336), ref: 00007FFE126D8E36
                                • PyThread_release_lock.PYTHON311(?,?,?,00007FFE126D8336), ref: 00007FFE126D8E68
                                • PyErr_SetString.PYTHON311(?,?,?,00007FFE126D8336), ref: 00007FFE126D8E98
                                  • Part of subcall function 00007FFE126D8364: PyType_GetModuleState.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D839F
                                  • Part of subcall function 00007FFE126D8364: PyBytes_FromStringAndSize.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D83B3
                                  • Part of subcall function 00007FFE126D8364: PyList_New.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D83C9
                                  • Part of subcall function 00007FFE126D8364: PyEval_SaveThread.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D8417
                                  • Part of subcall function 00007FFE126D8364: PyEval_RestoreThread.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D8431
                                • PyEval_SaveThread.PYTHON311(?,?,?,00007FFE126D8336), ref: 00007FFE126E4B50
                                • PyThread_acquire_lock.PYTHON311(?,?,?,00007FFE126D8336), ref: 00007FFE126E4B65
                                • PyEval_RestoreThread.PYTHON311(?,?,?,00007FFE126D8336), ref: 00007FFE126E4B6E
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                • String ID: Compressor has been flushed
                                • API String ID: 3871537485-3904734015
                                • Opcode ID: b7deaa72277dee5a18a2e9f9e61238a57d26c55f915241b82e5b3f83901528c3
                                • Instruction ID: 887b9899ce5b9d8914cbe57873bfba53e827b132ecfa0ea3611546bb8eea8c7c
                                • Opcode Fuzzy Hash: b7deaa72277dee5a18a2e9f9e61238a57d26c55f915241b82e5b3f83901528c3
                                • Instruction Fuzzy Hash: 73111C21A08E86C6EA54CB23EC446696365FB88FE0F0450B1DE5E57BB4CFBCE456C741
                                Function 00007FFE1323F574 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocErr_$CharFormatStringUnicode_Wide
                                • String ID: one character unicode string expected$unicode string expected instead of %s instance
                                • API String ID: 3624372013-2255738861
                                • Opcode ID: a442bb40f20c3a4dd4081ba5bcb0ae0298b6afa5f68cd383e2f326c911a818c9
                                • Instruction ID: c5725ddfdb7247be625bbd7ea036f115580d422229c9b36b88fad8c11029409c
                                • Opcode Fuzzy Hash: a442bb40f20c3a4dd4081ba5bcb0ae0298b6afa5f68cd383e2f326c911a818c9
                                • Instruction Fuzzy Hash: 95110A66A08E42D9EB40AF22E844578A760FBE8FA0F149071DE4E57674DE2CD488C300
                                Function 00007FFE13212134 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 43threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_SizeThread_release_lock
                                • String ID: Repeated call to flush()
                                • API String ID: 3236580226-194442007
                                • Opcode ID: a7363f18bb3a4be2b1f04e20a3cf77806fbf112a27042f4a7a0e0242247e6c36
                                • Instruction ID: b324102b6f8f52b94de8015016ab42eda3a77190c2626c60011a3d11052937d8
                                • Opcode Fuzzy Hash: a7363f18bb3a4be2b1f04e20a3cf77806fbf112a27042f4a7a0e0242247e6c36
                                • Instruction Fuzzy Hash: E5111831A08E528AEB54AB27EA541796360FBE9FA0F048071DA1E63B66CF2CE455C740
                                Function 00007FFE126E2C80 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 43threadCOMMON
                                Download Yara Rule
                                APIs
                                • PyThread_acquire_lock.PYTHON311 ref: 00007FFE126E2CA5
                                • PyThread_release_lock.PYTHON311 ref: 00007FFE126E2CE2
                                • PyErr_SetString.PYTHON311 ref: 00007FFE126E2D0C
                                  • Part of subcall function 00007FFE126D8364: PyType_GetModuleState.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D839F
                                  • Part of subcall function 00007FFE126D8364: PyBytes_FromStringAndSize.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D83B3
                                  • Part of subcall function 00007FFE126D8364: PyList_New.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D83C9
                                  • Part of subcall function 00007FFE126D8364: PyEval_SaveThread.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D8417
                                  • Part of subcall function 00007FFE126D8364: PyEval_RestoreThread.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D8431
                                • PyEval_SaveThread.PYTHON311 ref: 00007FFE126E5E48
                                • PyThread_acquire_lock.PYTHON311 ref: 00007FFE126E5E5D
                                • PyEval_RestoreThread.PYTHON311 ref: 00007FFE126E5E66
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                • String ID: Repeated call to flush()
                                • API String ID: 3871537485-194442007
                                • Opcode ID: e0370b4e052c5b1e0d970673b0dfda24df9d5139516311bad929bed1919e6dc2
                                • Instruction ID: 9a279e9c64dca393e470b4bc7575c15b55febb34706639bdd699cff0e7a79fac
                                • Opcode Fuzzy Hash: e0370b4e052c5b1e0d970673b0dfda24df9d5139516311bad929bed1919e6dc2
                                • Instruction Fuzzy Hash: C4112121B08E82C6EA94CB27EC442796365FB88FA0F148071DA0E577B4CFBCE4568741
                                Function 00007FFE1323DC30 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 41COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_CharErrorFreeFromLastLocalParseTupleUnicode_Wide
                                • String ID: <no description>$|i:FormatError
                                • API String ID: 935104296-1632374824
                                • Opcode ID: da62cbb651d4d48137c88a006a0480f238e20f846b976fc73609049c0e997912
                                • Instruction ID: 67048444633ed8497423941ae351e4ca1aa49b7c1191493b92c8b02c9e99d984
                                • Opcode Fuzzy Hash: da62cbb651d4d48137c88a006a0480f238e20f846b976fc73609049c0e997912
                                • Instruction Fuzzy Hash: E0014C61A18E828AEA54AB23A844179E2A1FFE87F0B545670D96E537F4EE3CD444C700
                                Function 00007FFE132010B0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919006594.00007FFE13201000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE13200000, based on PE: true
                                • Associated: 00000002.00000002.2918985157.00007FFE13200000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919028562.00007FFE13203000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919051034.00007FFE13205000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919071014.00007FFE13206000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13200000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Module_$Err_ExceptionFromModuleObjectSpecTypeType_With
                                • String ID: Empty$Exception raised by Queue.get(block=0)/get_nowait().$_queue.Empty
                                • API String ID: 1138974572-1946099957
                                • Opcode ID: b734e69cca9964b11ba62dbc2179316181713867e2c5af3e713d8057d29c683d
                                • Instruction ID: 7f623d8105a890645c4406bffae660922f94c88611d53edefd4948e621efc40c
                                • Opcode Fuzzy Hash: b734e69cca9964b11ba62dbc2179316181713867e2c5af3e713d8057d29c683d
                                • Instruction Fuzzy Hash: D8019279B09F438AEA04AB27E85057E6360AFADFA4B549170CA1D267B4DF2CE05CC300
                                Function 00007FFE1323DCC0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 38threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Arg_Err_FreeFromLibraryParseRestoreSaveTupleWindows
                                • String ID: O&:FreeLibrary
                                • API String ID: 204461231-2600264430
                                • Opcode ID: 078f241c74f91baaec2f50080a5493ab98081374dae74a9cab3a0cffd8d54dea
                                • Instruction ID: 4484ed92b7f92362f074a1f80b9dcd24e36ff6ffce61b4ca2fcd30832fa4069b
                                • Opcode Fuzzy Hash: 078f241c74f91baaec2f50080a5493ab98081374dae74a9cab3a0cffd8d54dea
                                • Instruction Fuzzy Hash: 9A012162A08E47CAE790AF63B840139A360FFE8BA0F1494B1D94E63634DE3CE485C300
                                Function 00007FFE1323A9E4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: String$Size$AttrBuildBytes_Err_FromObject_Value_
                                • String ID: O(O(NN))$__dict__$ctypes objects containing pointers cannot be pickled
                                • API String ID: 1770468409-724424928
                                • Opcode ID: 3ee03d1d2b345c529b1bd3c85f0488fda98b0b8f69e1e8ea5ec09f1cc578dd04
                                • Instruction ID: 5974390b7d5bba50bbb6cc29697e941c23764ed8701b383b6d4d1f61991164a7
                                • Opcode Fuzzy Hash: 3ee03d1d2b345c529b1bd3c85f0488fda98b0b8f69e1e8ea5ec09f1cc578dd04
                                • Instruction Fuzzy Hash: AA010925A08F82DAEA50AB17E940069A7B0FBD9BE4F4480B1DE4D23774DF3CE195C700
                                Function 00007FFE11ED752C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 32COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_DeallocErr_ParseSizeStringTuple_if_nametoindex
                                • String ID: O&:if_nametoindex$no interface with this name
                                • API String ID: 3052430728-3835682882
                                • Opcode ID: 12e8203fb0cf7461e24a3d4e215b3143ca18e6a039aed69a66b3869146dbc896
                                • Instruction ID: c5a451020ca125977b88bbbc7349de645070eb0ec4daef05a9917ea5f1b76b1d
                                • Opcode Fuzzy Hash: 12e8203fb0cf7461e24a3d4e215b3143ca18e6a039aed69a66b3869146dbc896
                                • Instruction Fuzzy Hash: CB01EC60E48E8382EF509FA3EC9047B2368FF88BA9B5424B5D54E46274DE3DE4498310
                                Function 00007FFE11ED7920 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 26networkCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                • String ID: i:ntohs$ntohs: Python int too large to convert to C 16-bit unsigned integer$ntohs: can't convert negative Python int to C 16-bit unsigned integer
                                • API String ID: 1102113319-2476431691
                                • Opcode ID: ce4feceb5a90c14b92646f1ea5f8c4eaf36e6cf8efd11a848fc75c933ffc50eb
                                • Instruction ID: b71f3efb7034a742316869df73875ab1529d8602f7a7fde37eae64921114aa0e
                                • Opcode Fuzzy Hash: ce4feceb5a90c14b92646f1ea5f8c4eaf36e6cf8efd11a848fc75c933ffc50eb
                                • Instruction Fuzzy Hash: 54F06D21E08E8391EF048B97EC9057B23A8BF457A9F9430B6C54E8B170DE3CE448D310
                                Function 00007FFE11ED72A8 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 26networkCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                • String ID: htons: Python int too large to convert to C 16-bit unsigned integer$htons: can't convert negative Python int to C 16-bit unsigned integer$i:htons
                                • API String ID: 1102113319-997571130
                                • Opcode ID: f5f3be2852d41024977e316b61593436f03594a4b4df2368eb7feee68b79267f
                                • Instruction ID: 820ee663f38b57ef8203eea5db0eb27cbffe1a766649afc012cf9ec8c641959e
                                • Opcode Fuzzy Hash: f5f3be2852d41024977e316b61593436f03594a4b4df2368eb7feee68b79267f
                                • Instruction Fuzzy Hash: CFF0F964E08EC391EF448B97EC9057B22A8BF44BA9F9034B6D94E87170DE2CF414D300
                                Function 00007FFE133029FC Relevance: 12.1, APIs: 8, Instructions: 148COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort$AdjustPointer
                                • String ID:
                                • API String ID: 1501936508-0
                                • Opcode ID: 33b9a28e85c1583a9e53f416898540066328f1663c9e5eff4cdc8514e51169f9
                                • Instruction ID: 5cabe72b289d2ef15d77cc914d3b2899c589ce7802a0abe9124ea17a682f3dd0
                                • Opcode Fuzzy Hash: 33b9a28e85c1583a9e53f416898540066328f1663c9e5eff4cdc8514e51169f9
                                • Instruction Fuzzy Hash: BC51C221E09E428DEAB6DF13D44463D63A4EF24FA0F0984B5DE6DA67B5DF2CE4418318
                                Function 00007FFE13302818 Relevance: 12.1, APIs: 8, Instructions: 148COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort$AdjustPointer
                                • String ID:
                                • API String ID: 1501936508-0
                                • Opcode ID: cf0ce418dbf8095189d4875bbd922365259c44d693191a2e82a2bfde5589004d
                                • Instruction ID: 1c4009d2e94dda9ab1abcf576535b94c799963a3ef8fbf1cb0d75685b4bbd938
                                • Opcode Fuzzy Hash: cf0ce418dbf8095189d4875bbd922365259c44d693191a2e82a2bfde5589004d
                                • Instruction Fuzzy Hash: C751E332E09E4289EEA59B13D48463C6394AF24FA5F0940B5DEADA67B5DF2CE451C308
                                Function 00007FFE1323F990 Relevance: 12.1, APIs: 8, Instructions: 110COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Mem_$FreeMalloc$Err_Memorymemcpy
                                • String ID:
                                • API String ID: 920471837-0
                                • Opcode ID: c91e9501240dbb047462beff57c3e24aa08f07d97696b8881faa54e688d9ffaf
                                • Instruction ID: c1a155fbfaa8964933b98a70b80e6ea2f6eea9a48985e6b3beb772cbcbd111dc
                                • Opcode Fuzzy Hash: c91e9501240dbb047462beff57c3e24aa08f07d97696b8881faa54e688d9ffaf
                                • Instruction Fuzzy Hash: 54513122A09F8596EB559F3595503B86360FBA8B94F049275CF9D133A6EF38E0E9C300
                                Function 00007FFE13232894 Relevance: 12.1, APIs: 8, Instructions: 105COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Tuple_
                                • String ID:
                                • API String ID: 828192933-0
                                • Opcode ID: 5e62f5604a1117c70738b5e9d10e81d038eb8c1c9d08bc44558772b595a0c4de
                                • Instruction ID: fbb4184d85ffbfa1af035a1af7edff8421ebd194413a3dafdbd1407fbc5b03a2
                                • Opcode Fuzzy Hash: 5e62f5604a1117c70738b5e9d10e81d038eb8c1c9d08bc44558772b595a0c4de
                                • Instruction Fuzzy Hash: BE419772949F42CEEEA9AF2AA814639A290FFE97B4F044175DD4D26674DF3CE484C700
                                Function 00007FFE13231178 Relevance: 12.1, APIs: 8, Instructions: 95COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dict_$DeallocObject_$AttrCallContainsErr_ErrorItemMakeOccurredUpdateWith
                                • String ID:
                                • API String ID: 3953964043-0
                                • Opcode ID: 514ed9f4908b8c8283f0e0c27daf6479cf123024387674585ac24fe74f6d228d
                                • Instruction ID: af8f4190c6c8217296a8506ee185229150d4f1086ceeb0c3ee6e98f91347833a
                                • Opcode Fuzzy Hash: 514ed9f4908b8c8283f0e0c27daf6479cf123024387674585ac24fe74f6d228d
                                • Instruction Fuzzy Hash: B8418431A09F4389EA54BB23A944279A3B0AFE9BB4F1441B4D94E267B0DF7CF085C300
                                Function 00007FFE13234D38 Relevance: 12.1, APIs: 8, Instructions: 78COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc
                                • String ID:
                                • API String ID: 3617616757-0
                                • Opcode ID: 068abb66bbfb9b3a2a685b208f6aebfac36357060354af221ed5b1c6e4112d13
                                • Instruction ID: 033d4a19dd4a6e29ee2ade579366bc7c3f7661d88d89827fee9ab5ddae920638
                                • Opcode Fuzzy Hash: 068abb66bbfb9b3a2a685b208f6aebfac36357060354af221ed5b1c6e4112d13
                                • Instruction Fuzzy Hash: 4831FD36E09D0A89FF55AF76885437863A8ABB9F38F1541F4C90E650B4CF2DA545C300
                                Function 00007FFE133057C0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 131COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: FileHeader_local_unwind
                                • String ID: MOC$RCC$csm$csm
                                • API String ID: 2627209546-1441736206
                                • Opcode ID: 48d146a85fba6cc68383d4a357e19a92ddcb549a58e0a70336f33e234ca841ed
                                • Instruction ID: dba2c4e36c123963029a9d43615f279b6066355cd1425f6dde5685097da2a0d9
                                • Opcode Fuzzy Hash: 48d146a85fba6cc68383d4a357e19a92ddcb549a58e0a70336f33e234ca841ed
                                • Instruction Fuzzy Hash: 01519236A0DA02CEFB609F26904137D66A0FF64BB4F141071EEAD667A9DF3CE4458705
                                Function 00007FFE1330E520 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID: {for
                                • API String ID: 2943138195-864106941
                                • Opcode ID: 416ecf82abdc7693f83b664dab0e642ebc660969777f9551cf3e7d4c265d34da
                                • Instruction ID: e9ccb6c7d4cd132e0ad7b601e1af0f3d725db949fa1ed3a2ed1078166f1c8dfe
                                • Opcode Fuzzy Hash: 416ecf82abdc7693f83b664dab0e642ebc660969777f9551cf3e7d4c265d34da
                                • Instruction Fuzzy Hash: D3518E72A08F859DE7019F6AD4403EC77A0EB64768F8084B1EA6C27BA6DF7CD554C318
                                Function 00007FFE126D8364 Relevance: 10.6, APIs: 7, Instructions: 121threadCOMMON
                                Download Yara Rule
                                APIs
                                • PyType_GetModuleState.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D839F
                                • PyBytes_FromStringAndSize.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D83B3
                                • PyList_New.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D83C9
                                • PyEval_SaveThread.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D8417
                                • PyEval_RestoreThread.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126D8431
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126E49C7
                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,00007FFE126D8E5E,?,?,?,00007FFE126D8336), ref: 00007FFE126E4A11
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocEval_Thread$Bytes_FromList_ModuleRestoreSaveSizeStateStringType_
                                • String ID:
                                • API String ID: 2831925710-0
                                • Opcode ID: 691854d235e66bbadac1f6e2cba91bdc922365c1884ff6495f4c16d08c6d4b5b
                                • Instruction ID: 4f54ae568f6cc48e0cf9848c30701ad68dfe3f44fd303299098c5ccdac157d92
                                • Opcode Fuzzy Hash: 691854d235e66bbadac1f6e2cba91bdc922365c1884ff6495f4c16d08c6d4b5b
                                • Instruction Fuzzy Hash: 73416122A09F4A86EA64DB27AD4417923A4FB58B74B1402B5DE9D13BF4DF7CE855C300
                                Function 00007FFE13232050 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Object_$Dealloc$AttrInstanceLookup
                                • String ID: wrong type
                                • API String ID: 1828014136-2191655096
                                • Opcode ID: 48019a5db2fa545bbb614ff61a29e7f0ff849fa01fd9e197cdd365b54569e53e
                                • Instruction ID: 48e2534d99c076cf94ef8063cf700c1626b795712d6c65fb2179f2a4f24b5f94
                                • Opcode Fuzzy Hash: 48019a5db2fa545bbb614ff61a29e7f0ff849fa01fd9e197cdd365b54569e53e
                                • Instruction Fuzzy Hash: C0515021A19F0289FE50BB17E950179A3A1AFF9FA0F1494B1D94E677B1EF2CE584C340
                                Function 00007FFE1323BE84 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc
                                • String ID: wrong type
                                • API String ID: 3617616757-2191655096
                                • Opcode ID: bdb23b902ebc4893c2a5809fa917940e2479e1e06ed5718a6fa12672c04d635d
                                • Instruction ID: 543a8dcb5e71a1a629e5934f2cf77c9bc2ba6123d66fb5c86799eb068395669b
                                • Opcode Fuzzy Hash: bdb23b902ebc4893c2a5809fa917940e2479e1e06ed5718a6fa12672c04d635d
                                • Instruction Fuzzy Hash: 4E515F21A1DE4688FE54BF67E450179A3A0AFE8BE0F4455B1EA0E677B5EF2CE441C700
                                Function 00007FFE11ED4EAC Relevance: 10.6, APIs: 7, Instructions: 103COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Long_Occurred$Arg_KeywordsUnpack
                                • String ID:
                                • API String ID: 591546834-0
                                • Opcode ID: a7a7f93d6c09b976a644a8703b6fda579b77e3a5ef28a09bae6b61967c8d869f
                                • Instruction ID: 9611b8f7730cd4781d25069f41c6c842ac1a84f74bc7dc764d6fdcf8fd650aa8
                                • Opcode Fuzzy Hash: a7a7f93d6c09b976a644a8703b6fda579b77e3a5ef28a09bae6b61967c8d869f
                                • Instruction Fuzzy Hash: AB417621A09E4142FF559BA6AC48BBB6298BF54BB4F5836B5DD5D43BF0DF3CE4848200
                                Function 00007FFE13219CC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 95COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Bytes_FromSizeStringmemmove
                                • String ID: Unable to allocate output buffer.
                                • API String ID: 3327154725-2565006440
                                • Opcode ID: 9c30319a8999428dde325e815d48d283bad5c3e6560c2351fca3ed9412fd7cc3
                                • Instruction ID: f4c44b3c0dc9e14b18282b9cbdf4ad98a8f389f2d611d6ca76de2fafd188e614
                                • Opcode Fuzzy Hash: 9c30319a8999428dde325e815d48d283bad5c3e6560c2351fca3ed9412fd7cc3
                                • Instruction Fuzzy Hash: 214168B2B08E4289EB15AF17D64427923A0FBA9FE4F584472DE0D2736ACF38D491C340
                                Function 00007FFE1330DB00 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: NameName::atol
                                • String ID: `template-parameter$void
                                • API String ID: 2130343216-4057429177
                                • Opcode ID: 7b7e14213947c3780e213c190a7c5fdcdd2a49ff05635447eaaef3bd9456bf2e
                                • Instruction ID: 1dbfab31acc2791fc90b96aeb07c48e26e0513d8ac98a661bb20ba27a1b5074a
                                • Opcode Fuzzy Hash: 7b7e14213947c3780e213c190a7c5fdcdd2a49ff05635447eaaef3bd9456bf2e
                                • Instruction Fuzzy Hash: 64416722F08F468CFB008BA2D8512AC23B1BB687A8F541175DE2C27A6ADF7CA545C344
                                Function 00007FFE13308900 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 81COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+Replicator::operator[]
                                • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                • API String ID: 1405650943-2211150622
                                • Opcode ID: 463b429a368d480f938697e6d099cec3f907049628b5d1349ecbd199c78a6655
                                • Instruction ID: a85e54dba6711ee6392f70965a057f6d87e1fe45d7f77180f2ccbadfcb41c5b1
                                • Opcode Fuzzy Hash: 463b429a368d480f938697e6d099cec3f907049628b5d1349ecbd199c78a6655
                                • Instruction Fuzzy Hash: 054136B2A08F468CF7118B6AD8402BC7BB0BB24328F4445B1DAAC26775DF7CA541C709
                                Function 00007FFE1330A6E4 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 80COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID: char $int $long $short $unsigned
                                • API String ID: 2943138195-3894466517
                                • Opcode ID: 01c330b6d3460536b725c75710ede4031362a47bdaf6c5878ce89829e4b6ba2f
                                • Instruction ID: 90094903ec4c5cc42769b70b7642bd51984c30515e8992e740ba10c4e49d0b2a
                                • Opcode Fuzzy Hash: 01c330b6d3460536b725c75710ede4031362a47bdaf6c5878ce89829e4b6ba2f
                                • Instruction Fuzzy Hash: 6D31A272E18E418CF7028B6AD8543BD27B0BB25B68F548271DA2C62BB9CF3CD545C748
                                Function 00007FFE12E11340 Relevance: 10.6, APIs: 7, Instructions: 65threadwindowCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918791017.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                • Associated: 00000002.00000002.2918770170.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918811061.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918832818.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                • Associated: 00000002.00000002.2918854151.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe12e10000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Eval_Thread$Arg_BeepFromKeywordsLong_MessageOccurredRestoreSaveUnpackWindows
                                • String ID:
                                • API String ID: 3242593502-0
                                • Opcode ID: 07f24b71370a655276c470a65187c7b9bb43d56596acb65b92896743c918a7c1
                                • Instruction ID: 0fb56995e9131f55b47dbff9e9c63696bcf05e412e46e6ba67bd4b4a8114b04b
                                • Opcode Fuzzy Hash: 07f24b71370a655276c470a65187c7b9bb43d56596acb65b92896743c918a7c1
                                • Instruction Fuzzy Hash: 12213131B08F4282EB528B57ED4422B63A1BF48BB5F550178DE5D47BB8DFBCE444A602
                                Function 00007FFE130C1090 Relevance: 10.6, APIs: 7, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918900135.00007FFE130C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                • Associated: 00000002.00000002.2918879267.00007FFE130C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918921952.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918942177.00007FFE130C5000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918963738.00007FFE130C6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe130c0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocModule_State
                                • String ID:
                                • API String ID: 1903735390-0
                                • Opcode ID: a7a767094c4d1de27d1ae5cfedc4f2a8987a46609b88e723d83c121dba346a55
                                • Instruction ID: c5c7d4f3a5147a7474569e3d5601aa67c7e3ee9c19d7022071730b64ea7bfeb0
                                • Opcode Fuzzy Hash: a7a767094c4d1de27d1ae5cfedc4f2a8987a46609b88e723d83c121dba346a55
                                • Instruction Fuzzy Hash: A8210A31D09E428CEF698F77985837823EAAF75B69FA440F0CA0E651A0CF6EA5448340
                                Function 00007FFE1323D8F8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Arg_FormatNumber_OccurredSsize_tTupleUnpack
                                • String ID: byref$byref() argument must be a ctypes instance, not '%s'
                                • API String ID: 169608245-1446499295
                                • Opcode ID: 1c7a6bb527df66017d67d4d6c8e7051229e04b236d9d6aec440ba77389511a69
                                • Instruction ID: 1b63bfb61e4e8c2860b354da7d1377e951cc21bf12b991f9732dfbac5caae334
                                • Opcode Fuzzy Hash: 1c7a6bb527df66017d67d4d6c8e7051229e04b236d9d6aec440ba77389511a69
                                • Instruction Fuzzy Hash: D6212A26608E028AEB10EB62E450279B7A0FBE8BB4F144675DA6D573A0DF7DD544C740
                                Function 00007FFE1323B96C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON
                                Download Yara Rule
                                APIs
                                • PyDict_GetItemWithError.PYTHON311(?,?,00000001,00007FFE132377AC), ref: 00007FFE1323B9AD
                                • PyErr_Occurred.PYTHON311(?,?,00000001,00007FFE132377AC), ref: 00007FFE1323B9BC
                                • PyErr_Format.PYTHON311(?,?,00000001,00007FFE132377AC), ref: 00007FFE1323B9ED
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Dict_ErrorFormatItemOccurredWith
                                • String ID: not enough arguments$required argument '%S' missing
                                • API String ID: 62204369-3448764933
                                • Opcode ID: 28da8afa7e9ef03481714140949b522f70dd2a78d8c2b5e7d138b51459312286
                                • Instruction ID: 2b8dc26691eef860e4028deccabe21808c773cda4f2c74b67b030f7bed57d6b2
                                • Opcode Fuzzy Hash: 28da8afa7e9ef03481714140949b522f70dd2a78d8c2b5e7d138b51459312286
                                • Instruction Fuzzy Hash: 51114C61A0AE81C9EE55AF17E584138E770AFECBE4F1494B1DA4E26674DF2CE441C700
                                Function 00007FFE1323EB34 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CharErr_FormatUnicode_Wide
                                • String ID: string too long (%zd, maximum length %zd)$unicode string expected instead of %s instance
                                • API String ID: 2195588020-2061977717
                                • Opcode ID: 3df54ba06c241b92dbf221aa78cdec5a2b91a3063c00f8d20a6361d5b8dc2ae5
                                • Instruction ID: 7105c1d31381d3bb161e8b7344776ed845e11c21b2d3faf5a9f95f657bedc14b
                                • Opcode Fuzzy Hash: 3df54ba06c241b92dbf221aa78cdec5a2b91a3063c00f8d20a6361d5b8dc2ae5
                                • Instruction Fuzzy Hash: 40116021A09F46C5EA40AB17E884165A762BFE8FF4F149671DE1E63BB4DE3CD489C700
                                Function 00007FFE11ED6B98 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_AuditFreeMem_ParseSizeSys_Tuple_
                                • String ID: et:gethostbyname$idna$socket.gethostbyname
                                • API String ID: 3195760359-1353326193
                                • Opcode ID: 558c1271e238177000cd76bc81e05b3b59b431a06bc453976089f167e60497e9
                                • Instruction ID: aed7bd3864509e16679ba0f48e969031a641ebc3b17f1ca5b42f2deb4e960480
                                • Opcode Fuzzy Hash: 558c1271e238177000cd76bc81e05b3b59b431a06bc453976089f167e60497e9
                                • Instruction Fuzzy Hash: 08115E61B0CE4291EF109BA3EC500AB67A8EF88BE8F402475DA4E87675DE3CE144CB00
                                Function 00007FFE13202690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919006594.00007FFE13201000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE13200000, based on PE: true
                                • Associated: 00000002.00000002.2918985157.00007FFE13200000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919028562.00007FFE13203000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919051034.00007FFE13205000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919071014.00007FFE13206000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13200000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Err_List_StringThread_allocate_lock
                                • String ID: can't allocate lock
                                • API String ID: 214698565-1504453919
                                • Opcode ID: fcafceefddd0f88e419e95cf8ef09139d22d98c1ab56a74a1cb33c6b488a13f5
                                • Instruction ID: ab29dbba1f7f1134fa7078c4886247c39279671a4f27780d46850e20ba9cc20f
                                • Opcode Fuzzy Hash: fcafceefddd0f88e419e95cf8ef09139d22d98c1ab56a74a1cb33c6b488a13f5
                                • Instruction Fuzzy Hash: 6201ED31909F0289EB546B26E80433D62F0EFADF69F140175CA0E66274DF3CA04DC300
                                Function 00007FFE126E12DC Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                • String ID: Invalid filter specifier for delta filter$|OO&
                                • API String ID: 3027669873-2010576982
                                • Opcode ID: 90878bacd9f13685760fc8b9ce00f1e28a3ea3c9d600a870bffa52a149feef93
                                • Instruction ID: b9d3e43dfd33e0a236427084de27f85e8ebc63efda3574659aec7d759f35178b
                                • Opcode Fuzzy Hash: 90878bacd9f13685760fc8b9ce00f1e28a3ea3c9d600a870bffa52a149feef93
                                • Instruction Fuzzy Hash: 59110575A09F06CAEB00CB12EC941A933A4FB44B64F5041B6CA1D437B0EFBDE84AD750
                                Function 00007FFE126E1250 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 34COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                • String ID: Invalid filter specifier for BCJ filter$|OO&
                                • API String ID: 3027669873-3728029529
                                • Opcode ID: ea58490e6ada0fa72d2f911285e1cd579b2b5b78c071c542fe8e9c6312f04ce6
                                • Instruction ID: 685fe3de9d3f8aa1d2f15868b28756a7bacba2caa293c0b2a81a4085245f87c9
                                • Opcode Fuzzy Hash: ea58490e6ada0fa72d2f911285e1cd579b2b5b78c071c542fe8e9c6312f04ce6
                                • Instruction Fuzzy Hash: 5B011731A08F02C9EB00CB12EC845A933A4FB44764F5001B5CA1D827B4EFBCE899DB40
                                Function 00007FFE11ED7238 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 28COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                • String ID: expected int, %s found
                                • API String ID: 3347179618-1178442907
                                • Opcode ID: 893823f66e6f6138382749383a10c6f8a354538b557eed5e75274922f4b27436
                                • Instruction ID: 368ae769d8f50bd2c70b369dd1ddde12ad50290b58ffd24238840181f0d53559
                                • Opcode Fuzzy Hash: 893823f66e6f6138382749383a10c6f8a354538b557eed5e75274922f4b27436
                                • Instruction Fuzzy Hash: ECF03160E48F8282EF549BE3AC8457A2364BF49FA5F5426B9D54E433B0CE3CE4988300
                                Function 00007FFE11ED78B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 28COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                • String ID: expected int, %s found
                                • API String ID: 3347179618-1178442907
                                • Opcode ID: a3453a56261eb3c186c7b8bdd434c21c6932fca0058d9441addc655e6fad4964
                                • Instruction ID: cb424f5fa6908e9006310cbd2622efb480fc2c3d12ce8216f3270d97219ead9d
                                • Opcode Fuzzy Hash: a3453a56261eb3c186c7b8bdd434c21c6932fca0058d9441addc655e6fad4964
                                • Instruction Fuzzy Hash: 39F01D24E08E4282EF549BA7EC4557A63A8BF48BA9F5425B9D54E432B0CF3CE488D300
                                Function 00007FFE1321C748 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                • 1.0.8, 13-Jul-2019, xrefs: 00007FFE1321C75B
                                • bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth, xrefs: 00007FFE1321C768
                                • *** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac, xrefs: 00007FFE1321C78A
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: __acrt_iob_func$__stdio_common_vfprintfexit
                                • String ID: bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth$*** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac$1.0.8, 13-Jul-2019
                                • API String ID: 77255540-989448446
                                • Opcode ID: 39f94f7b81e53d96969a5455d7e6e9458db4137e20d4da26f7d9a91deb3b3694
                                • Instruction ID: 3821199ec5abff166b88802b4951d126486f32842c356d5275fe0bea1ff294ac
                                • Opcode Fuzzy Hash: 39f94f7b81e53d96969a5455d7e6e9458db4137e20d4da26f7d9a91deb3b3694
                                • Instruction Fuzzy Hash: 69E09B54A18D179AFF18B763DA552741355AFF4770F000479C90D272B3DD7C2505C341
                                Function 00007FFE13212CF8 Relevance: 9.1, APIs: 6, Instructions: 116threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocEval_Thread$Bytes_FromList_RestoreSaveSizeString
                                • String ID:
                                • API String ID: 722544280-0
                                • Opcode ID: ea514226ac897717a144e055f78113507add513ccc51a98260a4e0d553d29f9f
                                • Instruction ID: f788b4ae3f094fee51f9a01585f9da53204a3eb97d898b37071f568702152e04
                                • Opcode Fuzzy Hash: ea514226ac897717a144e055f78113507add513ccc51a98260a4e0d553d29f9f
                                • Instruction Fuzzy Hash: D1417362A08F529AEB64AB27D65413923A0BBE9B70F140275DE5D637E2DF3CE451C340
                                Function 00007FFE13306570 Relevance: 9.1, APIs: 6, Instructions: 84stringCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                • String ID:
                                • API String ID: 3741236498-0
                                • Opcode ID: de3a4ec1d6e9946eef6b348e6d8a6ead344041b39e9dfd9c2ce66c677152b10d
                                • Instruction ID: 2abd51acf7504de9a0fb0948674c226e6980d64a5f2363c889b8d7029f3655ab
                                • Opcode Fuzzy Hash: de3a4ec1d6e9946eef6b348e6d8a6ead344041b39e9dfd9c2ce66c677152b10d
                                • Instruction Fuzzy Hash: 6431D022B19F9588EB118B27A8045AD6394FF28FF4B694671DE3D133A5EE3DE442C304
                                Function 00007FFE1323C050 Relevance: 9.1, APIs: 6, Instructions: 79COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocDict_$CallErr_FormatFromItemLong_MakeObject_Unicode_Voidstrchr
                                • String ID:
                                • API String ID: 4054517332-0
                                • Opcode ID: 183dbe4e66a78b5f82bf9fcbdc5b815f8fe5dd19242b5949e3bcf8ed559180f2
                                • Instruction ID: 5a1c7ac49e8e038e73d8dbbc6ac32d80d96de2e93aea1577ac4e25b5980f12d6
                                • Opcode Fuzzy Hash: 183dbe4e66a78b5f82bf9fcbdc5b815f8fe5dd19242b5949e3bcf8ed559180f2
                                • Instruction Fuzzy Hash: D1315E21A09F528AEE54BB27E950139A3A0AFE9FA4F0844B0DE4D637B4DF3CE451D300
                                Function 00007FFE126DFC4C Relevance: 9.0, APIs: 6, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                • PyLong_FromUnsignedLongLong.PYTHON311(?,?,?,00007FFE126DFB59,?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126DFC64
                                • PyUnicode_InternFromString.PYTHON311(?,?,?,00007FFE126DFB59,?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126DFC75
                                • PyDict_SetItem.PYTHON311(?,?,?,00007FFE126DFB59,?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126DFC90
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFE126DFB59,?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126E570B
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFE126DFB59,?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126E571A
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFE126DFB59,?,?,?,00007FFE126DFB06,?,?,?,?,?,00007FFE126DFA91), ref: 00007FFE126E5729
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$FromLong$Dict_InternItemLong_StringUnicode_Unsigned
                                • String ID:
                                • API String ID: 3020515806-0
                                • Opcode ID: c847377e0c30213919ae0cafa2e2e070b307b0daf8a79d31818a3950cd87b446
                                • Instruction ID: 8630ab1fb93fcb7078bb700931c9b7db39cfe34765f661d936d1d9f77e581ba5
                                • Opcode Fuzzy Hash: c847377e0c30213919ae0cafa2e2e070b307b0daf8a79d31818a3950cd87b446
                                • Instruction Fuzzy Hash: A3012D21E1CE47C7EA648B27AD580392294AF4AFF0B1855B4DD5E477F4DFACE8158340
                                Function 00007FFE11ED3CC4 Relevance: 9.0, APIs: 6, Instructions: 34threadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                • String ID:
                                • API String ID: 863680558-0
                                • Opcode ID: 512bd52ceaf9c0de34ffa74ee59c230cdbc7db2c8c488b05b8fb4fcd4203aa17
                                • Instruction ID: a8cabcd5a5ec63781b1820d8786ff784855f2907b3e64d7392336b9b957b35a9
                                • Opcode Fuzzy Hash: 512bd52ceaf9c0de34ffa74ee59c230cdbc7db2c8c488b05b8fb4fcd4203aa17
                                • Instruction Fuzzy Hash: 98016721B18E8282EB149BA7FC4452B63B4FF88BF4B506175E94E43778CE3CE4958710
                                Function 00007FFE11ED64F0 Relevance: 9.0, APIs: 6, Instructions: 33threadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_LongThread$Err_ErrorLastLong_OccurredRestoreSaveclosesocket
                                • String ID:
                                • API String ID: 586723380-0
                                • Opcode ID: efd93951f5ba0042c1773d41bbcb51adbf44491de160b19c8b4e08a2f928464e
                                • Instruction ID: a99df947c1dc85349c6faaaa45c0297bb983ad09c4f38311f06fe530b7847a52
                                • Opcode Fuzzy Hash: efd93951f5ba0042c1773d41bbcb51adbf44491de160b19c8b4e08a2f928464e
                                • Instruction Fuzzy Hash: 96013660A18E4381EF145BE7AD4843B2359AF18BB0F842AB1C92E433F8DE3CA4848610
                                Function 00007FFE132337B0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 257COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocErr_StringSubtypeType_
                                • String ID: has no _stginfo_
                                • API String ID: 402260271-2912685656
                                • Opcode ID: 9230919844186ca5f41c7b1a63fcb82edb38cf4c596bbf94e99535158fbb2ad0
                                • Instruction ID: 4161b2da803768981d611449dae00972e923dc3cb349524cbf955593902b0ec0
                                • Opcode Fuzzy Hash: 9230919844186ca5f41c7b1a63fcb82edb38cf4c596bbf94e99535158fbb2ad0
                                • Instruction Fuzzy Hash: 67B19D72A09F85CAEB64DF26E450239A7A4FBE8BA4F008475DA4E67764DF3CE554C300
                                Function 00007FFE13303AEC Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 189COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort$CallEncodePointerTranslator
                                • String ID: MOC$RCC
                                • API String ID: 2889003569-2084237596
                                • Opcode ID: bc23f9d190e68b0d649da4772cf0aebac2cf99f7a7c8ea39b120ae49b64f19ea
                                • Instruction ID: 326d3941624eb4f4654d34e34e94ab3b7b0006a6b91d7bb9377ee6021ef51a68
                                • Opcode Fuzzy Hash: bc23f9d190e68b0d649da4772cf0aebac2cf99f7a7c8ea39b120ae49b64f19ea
                                • Instruction Fuzzy Hash: B491B073A08B818EE710CB66E8402ED7BA0F7147A8F10416AEB9D67765DF3CD195CB04
                                Function 00007FFE1330BF20 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                • API String ID: 2943138195-757766384
                                • Opcode ID: e51d893b916fd38dc1e020bc8963aa6f83aa847b46c3d095f24d6897074767ca
                                • Instruction ID: 3470b0e646a333e69aaeb4d717300d8f52499d325176337470f8d3607131c1b3
                                • Opcode Fuzzy Hash: e51d893b916fd38dc1e020bc8963aa6f83aa847b46c3d095f24d6897074767ca
                                • Instruction Fuzzy Hash: 2D718C72A08F428CEB188F66D9510BC67A1BB247A4F4446B5DA6D67BB5DF3CE250C308
                                Function 00007FFE133038D0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 146COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort$CallEncodePointerTranslator
                                • String ID: MOC$RCC
                                • API String ID: 2889003569-2084237596
                                • Opcode ID: 227e5baf7e5e9155f58c31c3fecc157e2e687fbe3eaaf077a93d355b17988fc2
                                • Instruction ID: 176e9d78bc7e40ec9cda7de04e052aef424332218d2d147dc983e32a2a8ecd07
                                • Opcode Fuzzy Hash: 227e5baf7e5e9155f58c31c3fecc157e2e687fbe3eaaf077a93d355b17988fc2
                                • Instruction Fuzzy Hash: 5D615E32A08F458AE710CF66D4403AE77A0F754BA8F044265DEAD27BA9CF78E155C704
                                Function 00007FFE13213A90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 114COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID:
                                • String ID: combined CRCs: stored = 0x%08x, computed = 0x%08x$ {0x%08x, 0x%08x}
                                • API String ID: 0-2474432645
                                • Opcode ID: 69a7ee2d0339cf96717ad35ba872c5bfcdb46555bf6c34d719e37fdf827b1516
                                • Instruction ID: af84f1b44995759645c09ef0db14dc7b70ac35c5408582dc2efd9287f47e2516
                                • Opcode Fuzzy Hash: 69a7ee2d0339cf96717ad35ba872c5bfcdb46555bf6c34d719e37fdf827b1516
                                • Instruction Fuzzy Hash: C2417031A0CD42CEEB60AF26A24027933A1EBA4B74F1441B5DB1E672E7DF7CA945C710
                                Function 00007FFE132324A0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMON
                                Download Yara Rule
                                APIs
                                • PyMem_Malloc.PYTHON311(?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00007FFE13233784), ref: 00007FFE132324ED
                                • PyMem_Free.PYTHON311(?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00007FFE13233784), ref: 00007FFE132325DB
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Mem_$FreeMalloc
                                • String ID: %zd)$%zd,
                                • API String ID: 3308143561-2233965340
                                • Opcode ID: 97bbcc1d359357e3c252192984d3b0109526b27b564f2bbea6cf16545a3b7b27
                                • Instruction ID: ea32cf7fad7e277a86ea1eaefe90a903b12157b8eae74f39e5fe2b77c226af08
                                • Opcode Fuzzy Hash: 97bbcc1d359357e3c252192984d3b0109526b27b564f2bbea6cf16545a3b7b27
                                • Instruction Fuzzy Hash: 5B41F622A08B8189EF15AF12E4102B9A790FFAAFE4F884171DE5D677A1DF3CE145C300
                                Function 00007FFE126DFE00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80COMMON
                                Download Yara Rule
                                APIs
                                • PySequence_Size.PYTHON311(00000000,00007FFDFB926CC8,00000000,00007FFE126DFDB0), ref: 00007FFE126DFE28
                                • PySequence_GetItem.PYTHON311 ref: 00007FFE126DFE5B
                                  • Part of subcall function 00007FFE126DFEE4: PyMapping_Check.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126DFF09
                                  • Part of subcall function 00007FFE126DFEE4: PyMapping_GetItemString.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126DFF23
                                  • Part of subcall function 00007FFE126DFEE4: PyLong_AsUnsignedLongLong.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126DFF38
                                  • Part of subcall function 00007FFE126DFEE4: PyErr_Occurred.PYTHON311(?,?,?,?,?,?,?,00007FFE126DFE77), ref: 00007FFE126DFF4B
                                • PyErr_Format.PYTHON311 ref: 00007FFE126E5761
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_ItemLongMapping_Sequence_$CheckFormatLong_OccurredSizeStringUnsigned
                                • String ID: Too many filters - liblzma supports a maximum of %d
                                • API String ID: 1062705235-2617632755
                                • Opcode ID: de739252f705775659eaa313a5e663d0679b8c2fa46ad5978c51ae0de71ab62c
                                • Instruction ID: ebe331ebd6ef29207f4cb1c14ff5b34293b36fc64ffb57b21a871f6a2be5bfb1
                                • Opcode Fuzzy Hash: de739252f705775659eaa313a5e663d0679b8c2fa46ad5978c51ae0de71ab62c
                                • Instruction Fuzzy Hash: 5221D321B08F4A97EA648B37AC401766291AF85BF4F180771DDBE067F6DEBCE4418340
                                Function 00007FFE126E146C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$FormatOccurred
                                • String ID: Invalid compression preset: %u$Invalid filter chain for FORMAT_ALONE - must be a single LZMA1 filter
                                • API String ID: 4038069558-4068623215
                                • Opcode ID: 0db2b0dc6cbac79c2c76d694d79f1112586503952ca458f3df477c0a8a152a16
                                • Instruction ID: 0138e491c37e30a5336ea83498efa725d8945a4fbf0840370fb330f01b910be6
                                • Opcode Fuzzy Hash: 0db2b0dc6cbac79c2c76d694d79f1112586503952ca458f3df477c0a8a152a16
                                • Instruction Fuzzy Hash: 25218D61A1CE46C1EA20DB27EC507B92350BF89BB4F5012B1D96E477F6EEECE9058700
                                Function 00007FFE1323A3C8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$FormatInstanceObject_String
                                • String ID: Pointer does not support item deletion$expected %s instead of %s
                                • API String ID: 341772743-2046472288
                                • Opcode ID: 56d4fabad618d8a5c8e6f1fde8dcb41e7996936431b442245916351dcbdf5c73
                                • Instruction ID: b314ea1012328e720f32bda10acd19202fcb2bf828afa3f657b048611dccf457
                                • Opcode Fuzzy Hash: 56d4fabad618d8a5c8e6f1fde8dcb41e7996936431b442245916351dcbdf5c73
                                • Instruction Fuzzy Hash: 59212161A08F42C9FA44AB6BE4440B9A760FFE9BA4F148572DE1D673B5DE3CD585C300
                                Function 00007FFE1323DB58 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Arg_FromLongLong_ParseTuple
                                • String ID: OO:CopyComPointer
                                • API String ID: 1908940310-822416302
                                • Opcode ID: a50de67720cd425b58803957e1784c7b340943145018a53cdb6de08dc5e3c1c0
                                • Instruction ID: a376b98f998e9436279e85116dfe3cce5a09041e6095d9610e26462759ef22ea
                                • Opcode Fuzzy Hash: a50de67720cd425b58803957e1784c7b340943145018a53cdb6de08dc5e3c1c0
                                • Instruction Fuzzy Hash: C3212432A08F4689EB55AF76D8401BCA371FBA8B78F084675DE5D676A4CE3CE455C300
                                Function 00007FFE132357CC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 53COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dict_Err_NextString
                                • String ID: args not a tuple?$too many initializers
                                • API String ID: 1977209248-2791065560
                                • Opcode ID: f4fd08385035d02860af40dbb96f0e851c8c10ea306c559d0ae5fa500cb6d0af
                                • Instruction ID: 30ef0b164e060a566288e32946e55beb34b590baa42dae13778d2ac01a4d260a
                                • Opcode Fuzzy Hash: f4fd08385035d02860af40dbb96f0e851c8c10ea306c559d0ae5fa500cb6d0af
                                • Instruction Fuzzy Hash: E3213C61A08F42C5EA50AB16E4403A9A7A0FBA9BF4F144372E96D636F4CF7CE585C701
                                Function 00007FFE13212354 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_$CheckErr_KeywordsLong_OccurredPositional
                                • String ID: BZ2Compressor
                                • API String ID: 1699739194-1096114097
                                • Opcode ID: 428fb968040cf0367ecb5975a9571f17589fde077a9351a0a9a78da93643c136
                                • Instruction ID: bf02c84a1ed2ba7556ff982f836fa270dce08cfef8b68a22a90b1fe6200b71fe
                                • Opcode Fuzzy Hash: 428fb968040cf0367ecb5975a9571f17589fde077a9351a0a9a78da93643c136
                                • Instruction Fuzzy Hash: 1D119671B08F428EEA207F13A640179A260FFE5BA0F444171EA5DA36B7CF2CE444C340
                                Function 00007FFE1323E008 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_AuditDeallocFromLongLong_ParseSys_Tuple
                                • String ID: ctypes.set_errno
                                • API String ID: 928689845-1564666054
                                • Opcode ID: 59a8a5489d63178a80b732e192b127fc94092e90c4c175c04c3ca01ed042f338
                                • Instruction ID: b85b330b3fae585419d0a3d83cedc3a3b49c76634a4d931267ced6a96d2597aa
                                • Opcode Fuzzy Hash: 59a8a5489d63178a80b732e192b127fc94092e90c4c175c04c3ca01ed042f338
                                • Instruction Fuzzy Hash: 78118661F18E46C6EF54AB63E8844B9A360EFE97A0F485071DE0D66270DE2CE5C9C700
                                Function 00007FFE1323E0B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_AuditDeallocFromLongLong_ParseSys_Tuple
                                • String ID: ctypes.set_last_error
                                • API String ID: 928689845-913187751
                                • Opcode ID: f23f19bccc13864e0ba767f98ec326220a154fbbf3424597505e894eb8dd0003
                                • Instruction ID: e4b635b3fc1e6b1fe4bbca3e29e03ba473884836aae109b4e47dd93174abdd62
                                • Opcode Fuzzy Hash: f23f19bccc13864e0ba767f98ec326220a154fbbf3424597505e894eb8dd0003
                                • Instruction Fuzzy Hash: B5118A61F18F46C6EF54AB63E8840B96360DFE9761F485075DE0D662B0DE2CE5C9C700
                                Function 00007FFE1323B8B4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46stringCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_FormatSubtypeType_Unicode_strchr
                                • String ID: 'out' parameter %d must be a pointer type, not %s$PzZ
                                • API String ID: 3500358371-2360062653
                                • Opcode ID: fceb702919c06022e64addd7c9aaba2d34447d85d2b2cb0159e7ba4236f850e0
                                • Instruction ID: 4a2801b4aae0f5ae108bd190a8481f71c15514f14b173e81b17aa2371d5c6f81
                                • Opcode Fuzzy Hash: fceb702919c06022e64addd7c9aaba2d34447d85d2b2cb0159e7ba4236f850e0
                                • Instruction Fuzzy Hash: 80111F21A08E4788EB00AF17E450678A360EFE9FA4F4490B2DD5D67775DE2CE484C700
                                Function 00007FFE1323C174 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44stringCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_FormatSubtypeType_Unicode_strchr
                                • String ID: cast() argument 2 must be a pointer type, not %s$sPzUZXO
                                • API String ID: 3500358371-1038790478
                                • Opcode ID: 00c494f3386268376c83a7897981a44eeb5e2169e225d7a55c5354403a66d736
                                • Instruction ID: 03a338c0bffe3430d7df1b02494f67b7d7da80436a3ba608dbb58ffa7a0cc2d4
                                • Opcode Fuzzy Hash: 00c494f3386268376c83a7897981a44eeb5e2169e225d7a55c5354403a66d736
                                • Instruction Fuzzy Hash: 8D110A61A09F5288FF14BB679850678A3A0AFE9FA5F4440B5C94D673B4EF2CE985D300
                                Function 00007FFE132123CC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41threadCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_StringThread_allocate_lockThread_free_lockmemset
                                • String ID: Unable to allocate lock$compresslevel must be between 1 and 9
                                • API String ID: 681419693-2500606449
                                • Opcode ID: 60b2f2588c32191dab62882afd88846cf50051bc512abb92ff4babc415602f46
                                • Instruction ID: c9a5aa9241d4943f89e292f018ce532fba26bdb66b33f0464a66504b803b4ead
                                • Opcode Fuzzy Hash: 60b2f2588c32191dab62882afd88846cf50051bc512abb92ff4babc415602f46
                                • Instruction Fuzzy Hash: AF110D31A18E06DAEB10BB26E68037863A4FFE8B64F5441B5D91D562B6EF3CE444C380
                                Function 00007FFE11ED5D1C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Buffer_ErrorLastRelease$Arg_CheckErr_FromLong_ParseSignalsSizeSsize_tTuple_
                                • String ID: y*|i:send
                                • API String ID: 3302300731-3140140677
                                • Opcode ID: 65f0f47cc3e35a20b7a47ff68169340699073e0cd887fd1f95b4273f027bc594
                                • Instruction ID: f10865168ebc5f8a35f0074f2f8569b5745c0d6cb67cef8e1d3d6a465c2f1756
                                • Opcode Fuzzy Hash: 65f0f47cc3e35a20b7a47ff68169340699073e0cd887fd1f95b4273f027bc594
                                • Instruction Fuzzy Hash: FD115A32608F4582EB108FA2E8447AB73B8FB88794F501176DA8D83764DF3DD449CB50
                                Function 00007FFE13234F94 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38COMMON
                                Download Yara Rule
                                APIs
                                • PyObject_GetAttrString.PYTHON311(?,?,?,00007FFE13234F7C), ref: 00007FFE13234FA8
                                • PyDict_New.PYTHON311(?,?,?,00007FFE13234F7C), ref: 00007FFE13234FBC
                                • PyErr_NewException.PYTHON311(?,?,?,00007FFE13234F7C), ref: 00007FFE13234FDA
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE1323504E
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235065
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE1323507D
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132350A0
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132350C6
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132350EC
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235112
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235138
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE1323515E
                                  • Part of subcall function 00007FFE13235028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235181
                                  • Part of subcall function 00007FFE13235028: PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132351A7
                                  • Part of subcall function 00007FFE13235028: PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132351CD
                                  • Part of subcall function 00007FFE13235028: PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE132351F3
                                  • Part of subcall function 00007FFE13235028: PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13234FF4,?,?,?,00007FFE13234F7C), ref: 00007FFE13235219
                                  • Part of subcall function 00007FFE13235304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323532F
                                  • Part of subcall function 00007FFE13235304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235366
                                  • Part of subcall function 00007FFE13235304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323538B
                                  • Part of subcall function 00007FFE13235304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132353AA
                                  • Part of subcall function 00007FFE13235304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132353CC
                                  • Part of subcall function 00007FFE13235304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE132353EB
                                  • Part of subcall function 00007FFE13235304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323540D
                                  • Part of subcall function 00007FFE13235304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE1323542C
                                  • Part of subcall function 00007FFE13235304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235451
                                  • Part of subcall function 00007FFE13235304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235470
                                  • Part of subcall function 00007FFE13235304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1323500E,?,?,?,00007FFE13234F7C), ref: 00007FFE13235495
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Module_ReadyType_$Object$FromLongLong_$Type$AttrDict_Err_ExceptionObject_String
                                • String ID: _unpickle$ctypes.ArgumentError
                                • API String ID: 4217053054-165408235
                                • Opcode ID: 32827969c832a808a66d5017e69f26ea533dafa79bf6c295bc1895e8a6d04efa
                                • Instruction ID: db3d846e8d8591631f2b30d0e09655b1eb52a4db628c5eef09286e004a56bf11
                                • Opcode Fuzzy Hash: 32827969c832a808a66d5017e69f26ea533dafa79bf6c295bc1895e8a6d04efa
                                • Instruction Fuzzy Hash: C4014020E29F03CAFA50BB67E840175A294BFEC760F5481B4C80D227B1EF3DE085C200
                                Function 00007FFE13235820 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Dict_Err_ItemUnraisableWrite
                                • String ID: on calling _ctypes.DictRemover
                                • API String ID: 2766432985-2232269487
                                • Opcode ID: 256ea331e05c61a4a808f1e36cd886345c9bade03a7633d5d0aea444e30aedf2
                                • Instruction ID: ec05ff619d7a3317c53734ce6bd460106892ffdfb356ffada3b2c8fab1f7cfd8
                                • Opcode Fuzzy Hash: 256ea331e05c61a4a808f1e36cd886345c9bade03a7633d5d0aea444e30aedf2
                                • Instruction Fuzzy Hash: 5C01ED61E09E06C9FF5DAB67A85433862A0EFE9B64F284971C91E261B0CF2CE595C740
                                Function 00007FFE1323B368 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: FormatFromUnicode_$Dealloc
                                • String ID: %s(%R)$<%s object at %p>
                                • API String ID: 1714529502-296555854
                                • Opcode ID: 7e64ef3b32a657b11c2f44244a8f51ce1e0c9cec8aec46fab4d60a3fe1e5b4e0
                                • Instruction ID: a04119da964fb01b91ed232ea433dd9516e3f9b5fc21c27a0e77a51c3c84a3a1
                                • Opcode Fuzzy Hash: 7e64ef3b32a657b11c2f44244a8f51ce1e0c9cec8aec46fab4d60a3fe1e5b4e0
                                • Instruction Fuzzy Hash: 15010C66A09E42C9DE04AF17E48006DA360FFACFE4B049172CE0D277B4DE2CE895C300
                                Function 00007FFE1323C938 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_File_ObjectPrintS_vsnprintfStringSys_Write
                                • String ID: stderr
                                • API String ID: 1103062482-1769798200
                                • Opcode ID: 9a0837009893c9ce3f6b921fad968050c61bacc10e62fde9b4fb5cee5af4f5c7
                                • Instruction ID: 5585569ef0c69956d63970859c481b15e3354529f4461496ad8d1e8b3e2f0b9f
                                • Opcode Fuzzy Hash: 9a0837009893c9ce3f6b921fad968050c61bacc10e62fde9b4fb5cee5af4f5c7
                                • Instruction Fuzzy Hash: 4A011E32A18F81D5EA20AB12F4953A9B360FBE8B60F454076C98D13374DF3CE594C640
                                Function 00007FFE1323F4E8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Format$memcpy
                                • String ID: bytes too long (%zd, maximum length %zd)$expected bytes, %s found
                                • API String ID: 437140070-1985973764
                                • Opcode ID: d9cd41fcd4a9d7115470baacfbcd2da228f5ee59300fb10d52ed7cf167236025
                                • Instruction ID: 73ba4d01e766dfa77825d6b497cde5fb2cfc6775726259700de274d1d01906ae
                                • Opcode Fuzzy Hash: d9cd41fcd4a9d7115470baacfbcd2da228f5ee59300fb10d52ed7cf167236025
                                • Instruction Fuzzy Hash: E201E1A1E08E46DDEA50AF57E490678A360BFE9B74F5052B2C95D772F0CE2CE499C300
                                Function 00007FFE130C1120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918900135.00007FFE130C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                • Associated: 00000002.00000002.2918879267.00007FFE130C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918921952.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918942177.00007FFE130C5000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918963738.00007FFE130C6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe130c0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Module_$FromInternObjectStateStringUnicode_
                                • String ID: close$error
                                • API String ID: 4029360594-371397155
                                • Opcode ID: d1d56f56bfa3555b9ef12796d8bede51d7c66017a5d4b22be61f28461ee977ed
                                • Instruction ID: 56f27c8f8f3edc93603da42c9ab807af5cac6d64684d4ffb6717e49b79c089ef
                                • Opcode Fuzzy Hash: d1d56f56bfa3555b9ef12796d8bede51d7c66017a5d4b22be61f28461ee977ed
                                • Instruction Fuzzy Hash: 01F03031A29E4799EE048B6AF4540A923E1FF19BA4B8441F5DD1D563B0DF3CD1588300
                                Function 00007FFE1323D770 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 25COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AuditErr_StringSubtypeSys_Type_
                                • String ID: (O)$ctypes.addressof$invalid type
                                • API String ID: 288810468-3457326693
                                • Opcode ID: 1ed79e3af6a29a22ef0b12f793c3d6b77dfb8862b8c0b7dc43e2b4ad75ba5f26
                                • Instruction ID: a61fbb66435645acf6cdffa7f159abe19e3cb8770971b55e7dca68260a331616
                                • Opcode Fuzzy Hash: 1ed79e3af6a29a22ef0b12f793c3d6b77dfb8862b8c0b7dc43e2b4ad75ba5f26
                                • Instruction Fuzzy Hash: 53F0FE51B08D07C6EF05AB63E8910B46760AFE8BB8B0494B1CE1DA6271EE2CE1D5C300
                                Function 00007FFE11ED1000 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 24COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Capsule_Pointer
                                • String ID: _socket.CAPI
                                • API String ID: 2597503022-3774308389
                                • Opcode ID: 2ec5b829a4a7df79f3a2774a172ac27ce3b012500a101fcb8e3879bc7c06c298
                                • Instruction ID: 3492b568b488bb6b77e56fa6718ce281e32a7ad7bd6bd95347ba6c2337e77218
                                • Opcode Fuzzy Hash: 2ec5b829a4a7df79f3a2774a172ac27ce3b012500a101fcb8e3879bc7c06c298
                                • Instruction Fuzzy Hash: 80F0B731E48D42C5EF596BEBDC5943A2378AB45B64B1860B4CA1E06270CE3DE885C310
                                Function 00007FFE1323D264 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 21COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_AuditParseSys_Tuple
                                • String ID: (O)$O&:PyObj_FromPtr$ctypes.PyObj_FromPtr
                                • API String ID: 3491098224-1450318991
                                • Opcode ID: 2bb121435f85e257f9b1056af5b6aad70d99910b320661e3d929a3a09f6eb257
                                • Instruction ID: 4741aa621fea505b947d751c1c7060b3997fee6e538fa2be55998b8b96c63ea4
                                • Opcode Fuzzy Hash: 2bb121435f85e257f9b1056af5b6aad70d99910b320661e3d929a3a09f6eb257
                                • Instruction Fuzzy Hash: D3F08261A0CD87C5EE05EB23F8800A56330FBE4764F804072C60D63270DE6CE546C340
                                Function 00007FFE11ED403C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: BuildDeallocErr_ObjectSizeValue_
                                • String ID: (is)$getaddrinfo failed
                                • API String ID: 3413694139-582941868
                                • Opcode ID: 9cf4b89af8fc84022e11251e8872f527d159937c4b888d4879492c9bab817e05
                                • Instruction ID: ed57ccb255d686d4a943839f1729510ed39180a41b463a097a85b211849d9752
                                • Opcode Fuzzy Hash: 9cf4b89af8fc84022e11251e8872f527d159937c4b888d4879492c9bab817e05
                                • Instruction Fuzzy Hash: ECE0ED60E09E0381EF059BE3AC044B623A86F58BB1B4460B5C80E4A274DE3CE5D98301
                                Function 00007FFE11ED4088 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: BuildDeallocErr_ObjectSizeValue_
                                • String ID: (is)$host not found
                                • API String ID: 3413694139-3306034047
                                • Opcode ID: 6a53d895d2facd3bd2467535f0768359fb6939f11af5027f1c80c0e72059fe2d
                                • Instruction ID: fafdfd4d3ca3f3ab2a31daedb1f26aa51e1da545b28be49dc15f1d2e6a8010b4
                                • Opcode Fuzzy Hash: 6a53d895d2facd3bd2467535f0768359fb6939f11af5027f1c80c0e72059fe2d
                                • Instruction Fuzzy Hash: DDE01A60E09E0381EF059BF3AC444B723A8AF58BB1B4424B9C80E4B374EE3DE596C300
                                Function 00007FFE1330A340 Relevance: 7.6, APIs: 5, Instructions: 93COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: NameName::$Name::operator+
                                • String ID:
                                • API String ID: 826178784-0
                                • Opcode ID: bce8ca39c1d4cdf7971423a01a1e8e868c385637c9e3d3eec5322708e8c4e6dd
                                • Instruction ID: 5a450abb2220a1b5b328d205113006ffeb759d021367d2d7b501fff3f38242f9
                                • Opcode Fuzzy Hash: bce8ca39c1d4cdf7971423a01a1e8e868c385637c9e3d3eec5322708e8c4e6dd
                                • Instruction Fuzzy Hash: E2418E36A18F5688FB10DB72E8901BC27B4BB25BA4B5445B1DE6D233B2DF38E546C304
                                Function 00007FFE13233F0C Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocDict_Item
                                • String ID:
                                • API String ID: 1953171116-0
                                • Opcode ID: 3e79e8a0ec8c6a2242c0b13afb3047cb975f84468eaa628f38e07b0f45846962
                                • Instruction ID: 115349728b32c160d9b8e8d17d45fddc370166b7f1d86b745bc66beab2f3cbe3
                                • Opcode Fuzzy Hash: 3e79e8a0ec8c6a2242c0b13afb3047cb975f84468eaa628f38e07b0f45846962
                                • Instruction Fuzzy Hash: 99214461A0DE42C9EA54AB23A954138E6A0AFE9BF0B5841B0DE0E677B5DF3CE540C300
                                Function 00007FFE130C2724 Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918900135.00007FFE130C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                • Associated: 00000002.00000002.2918879267.00007FFE130C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918921952.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918942177.00007FFE130C5000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                • Associated: 00000002.00000002.2918963738.00007FFE130C6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe130c0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: List_$DeallocItem
                                • String ID:
                                • API String ID: 1559017468-0
                                • Opcode ID: ca1c250aef14b2cb80a943dd37ef050920af6dc516bc50837cea6f6d33c8ee49
                                • Instruction ID: 013ea0315c5ff0a0e3fcedd47edaf32f74724485b0bfea0b9926e54ed8ffcafe
                                • Opcode Fuzzy Hash: ca1c250aef14b2cb80a943dd37ef050920af6dc516bc50837cea6f6d33c8ee49
                                • Instruction Fuzzy Hash: 83218B32A18F028AEA108F17A5442AA73F6FB28BA0F9445F5CB4D53B60DF3DE1568340
                                Function 00007FFE13231DD8 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dict_$DeallocObject_$AttrCallContainsErr_ErrorItemMakeOccurredUpdateWith
                                • String ID:
                                • API String ID: 3953964043-0
                                • Opcode ID: 83de81b2cdb9a0b5f02c82c61faec42d8a7f4e94c71193b3e965a821689d7666
                                • Instruction ID: fc80c17526c89394ff55e942ed4092c8af88d711bf49a06e695d205c9768a2e1
                                • Opcode Fuzzy Hash: 83de81b2cdb9a0b5f02c82c61faec42d8a7f4e94c71193b3e965a821689d7666
                                • Instruction Fuzzy Hash: BB215E31A09F4289EA54BB27E5401B5A7A0AFA8BB4F4491B5DD4E277B0DF7CF485C300
                                Function 00007FFE13234C60 Relevance: 7.6, APIs: 5, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc
                                • String ID:
                                • API String ID: 3617616757-0
                                • Opcode ID: abd2609812ce25a27d1ac097890b043a0477b61f164c4d0ec192c4a938d68858
                                • Instruction ID: 0cb1bdcf514085ee6bfe259baae3fe3399bbcb67a525697b530355dd45574da5
                                • Opcode Fuzzy Hash: abd2609812ce25a27d1ac097890b043a0477b61f164c4d0ec192c4a938d68858
                                • Instruction Fuzzy Hash: 88211D75A09E4289FF54AF729814378A2A4EBA9B38F1484F0C94EBB1A4CF2D6545D310
                                Function 00007FFE126E2EB0 Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Module_State
                                • String ID:
                                • API String ID: 3434497292-0
                                • Opcode ID: 5312e3be2d983e72294361b6bb1bd3ec74fd4d4617b310efaba656f344fc5ce8
                                • Instruction ID: e10324e5f2c67d0d96c97cb6d4a7fabc3ca4506a047c806cab0cbf3da0d58eda
                                • Opcode Fuzzy Hash: 5312e3be2d983e72294361b6bb1bd3ec74fd4d4617b310efaba656f344fc5ce8
                                • Instruction Fuzzy Hash: DC11DB72D5AD0289FB59DF778C6833922A1AF54B65F1845B0C90E091F0CFADA9448391
                                Function 00007FFE13219FA8 Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Module_$FromModuleSpecTypeType_$State
                                • String ID:
                                • API String ID: 1138651315-0
                                • Opcode ID: 61a4d07700435b38e5979996beba01b9920bec42d73c56830fb738b2919386a3
                                • Instruction ID: b29cb6fc958815754b2ffc80132f276e9c1b80bf84c5f0de6d28f10f261140e3
                                • Opcode Fuzzy Hash: 61a4d07700435b38e5979996beba01b9920bec42d73c56830fb738b2919386a3
                                • Instruction Fuzzy Hash: 71018C21B19F528AFB50AF23BA4473A63A0AF98FF0B548071CE4D26B65DE3CE045C700
                                Function 00007FFE11ED63D0 Relevance: 7.5, APIs: 5, Instructions: 39threadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Arg_DuplicateParseRestoreSaveSizeSocketTuple_
                                • String ID:
                                • API String ID: 3898289384-0
                                • Opcode ID: 30e3d47e4dfef95f6ca91981072f17e0fb37058b27de1da86756e3aef9c53be1
                                • Instruction ID: a179c127c8b9cc9ad302860e93648688fc82314e40508f6dd3c15a4abf30a5f9
                                • Opcode Fuzzy Hash: 30e3d47e4dfef95f6ca91981072f17e0fb37058b27de1da86756e3aef9c53be1
                                • Instruction Fuzzy Hash: A1111221A1CF8281EF609BE2EC487AB6365FF48BA4F402571D95D03765DF3CE1498600
                                Function 00007FFE1323DE38 Relevance: 7.5, APIs: 5, Instructions: 37COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CallObject_$DeallocDict_Err_ErrorItemOccurredWith
                                • String ID:
                                • API String ID: 4058657591-0
                                • Opcode ID: 1a35c4ab6dce3baf8b5148636fef7374f6697dae909102b08545470e9d818853
                                • Instruction ID: 98f36d7cd72cfc84469b801707ed9c377c0a0ba40a0e8c072733a196ff28623b
                                • Opcode Fuzzy Hash: 1a35c4ab6dce3baf8b5148636fef7374f6697dae909102b08545470e9d818853
                                • Instruction Fuzzy Hash: BF01DA61B0AE42C9EE58BB27A958139D6A1AFE8BE0B089475DD0E17774DE2CE480C340
                                Function 00007FFE11ED647C Relevance: 7.5, APIs: 5, Instructions: 34threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Err_Long_OccurredRestoreSaveshutdown
                                • String ID:
                                • API String ID: 24305128-0
                                • Opcode ID: 8ed085b80c573facd8b5490791f9e95c22dfd687bf32148a1c5aff15e421c6a6
                                • Instruction ID: d1f709dfcb8a4e5866065b67e2ce0c6ed9667d88fdd39c2c9743798d342c7f30
                                • Opcode Fuzzy Hash: 8ed085b80c573facd8b5490791f9e95c22dfd687bf32148a1c5aff15e421c6a6
                                • Instruction Fuzzy Hash: A601E825A08E5282EF649BA3BC8443B6369BF48BB4B5425B5DA5E437A4CF3CE4458610
                                Function 00007FFE1320251C Relevance: 7.5, APIs: 5, Instructions: 31threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919006594.00007FFE13201000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE13200000, based on PE: true
                                • Associated: 00000002.00000002.2918985157.00007FFE13200000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919028562.00007FFE13203000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919051034.00007FFE13205000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000002.00000002.2919071014.00007FFE13206000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13200000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Object_$ClearDeallocRefsThread_free_lockThread_release_lockTrackWeak
                                • String ID:
                                • API String ID: 778659985-0
                                • Opcode ID: af7311f06d4814466a90193bbfc4a352b295f919e9586dec9b625acca272069e
                                • Instruction ID: 7ccdad8d2e2d83d310cd214ef9a8c3d6036cefdce9f4b0b9192ba7d490698a5c
                                • Opcode Fuzzy Hash: af7311f06d4814466a90193bbfc4a352b295f919e9586dec9b625acca272069e
                                • Instruction Fuzzy Hash: C601FB25A08F428AEB58AF67E55433D6360FBE9FA4F085071CE0A22265CF3CD498C340
                                Function 00007FFE1321243C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 175COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: __acrt_iob_func
                                • String ID: block %d: crc = 0x%08x, combined CRC = 0x%08x, size = %d$ final combined CRC = 0x%08x
                                • API String ID: 711238415-3357347091
                                • Opcode ID: 943b634fa9d07ff961db70dbb74d68f24273f83e3e6fcba7a578889a90a7400e
                                • Instruction ID: 3738f0e977b8a56eabb230a87a4000ed1b8efddba51d607056bd90025750d0b3
                                • Opcode Fuzzy Hash: 943b634fa9d07ff961db70dbb74d68f24273f83e3e6fcba7a578889a90a7400e
                                • Instruction Fuzzy Hash: 2261D436B04B528AE710BF17954A2A93755BBD6BE4F444074DE0A2B3A7CE3CE406CB00
                                Function 00007FFE13304288 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 163COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE133069C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE133025CE), ref: 00007FFE133069CE
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE13304407
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort
                                • String ID: $csm$csm
                                • API String ID: 4206212132-1512788406
                                • Opcode ID: 0334d4e6c50ab9b6f685e521b3ae1a91d89b048a29f68cf2dce9c00bf400fe87
                                • Instruction ID: 753eb454b119cbbc59eb999280841b4374fbe91b470515bfc05a402cb63a894e
                                • Opcode Fuzzy Hash: 0334d4e6c50ab9b6f685e521b3ae1a91d89b048a29f68cf2dce9c00bf400fe87
                                • Instruction Fuzzy Hash: 9B71B432908A918AD7608F26D05077D7BA0FB14FA8F1481B5DB6C27AA5CF3CD5A1CB45
                                Function 00007FFE13304060 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE133069C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE133025CE), ref: 00007FFE133069CE
                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE13304157
                                • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE13304167
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Frameabort$EmptyHandler3::StateUnwind
                                • String ID: csm$csm
                                • API String ID: 4108983575-3733052814
                                • Opcode ID: d96c539858820a31a9c1340fe1861477bc26c032fcc487563b75466d3052f7d1
                                • Instruction ID: e5b1d1aec4307ab4b3697b9229d1b982d406712fd4f36ca3cc10027fa471f0a4
                                • Opcode Fuzzy Hash: d96c539858820a31a9c1340fe1861477bc26c032fcc487563b75466d3052f7d1
                                • Instruction Fuzzy Hash: 84517332A08A828EEB648B13D54426C77A4FB61BA5F144175DAAC77BE5CF3CE550CB08
                                Function 00007FFE1330F050 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CurrentImageNonwritableUnwind
                                • String ID: csm$f
                                • API String ID: 451473138-629598281
                                • Opcode ID: 94627d9c7195f9c36ee16ac86650ab8a4e652cd15aa300a0b5f08846187e0d97
                                • Instruction ID: 4bbb5b227bd560e964425ceb6c92c8659970b67cfc93ebc3206829a8e176930a
                                • Opcode Fuzzy Hash: 94627d9c7195f9c36ee16ac86650ab8a4e652cd15aa300a0b5f08846187e0d97
                                • Instruction Fuzzy Hash: 6151F636B09A028EDB58CF17E444A6D33A5FB64BA8F108170D92E63758DF3CE945C708
                                Function 00007FFE1330AAD8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: NameName::
                                • String ID: %lf
                                • API String ID: 1333004437-2891890143
                                • Opcode ID: ce39b8ddb33b1742c1c733f8d1258caa8bc8f3cdabe38b30e72aebe8897d44a3
                                • Instruction ID: 5427d926d2310595b0e40b4a76f468f62def7ce644402cbf2f611c61028098b3
                                • Opcode Fuzzy Hash: ce39b8ddb33b1742c1c733f8d1258caa8bc8f3cdabe38b30e72aebe8897d44a3
                                • Instruction Fuzzy Hash: EE31C661A08F4689E611CB27B8500BDB361FF65BA0F4486B1E97EA7772DF2CE1018308
                                Function 00007FFE1323A8D8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocErr_Stringmemcpy
                                • String ID: abstract class
                                • API String ID: 4155950771-1623945838
                                • Opcode ID: 39caa09f7d9a9fa5dd63c26db85cad3ebfb1af8ff0279c48b353af220d1a1222
                                • Instruction ID: 47768dd01c44e76c94d81b8ed7f1087802c3bfcd0b4309bfda2802a1ba7bac72
                                • Opcode Fuzzy Hash: 39caa09f7d9a9fa5dd63c26db85cad3ebfb1af8ff0279c48b353af220d1a1222
                                • Instruction Fuzzy Hash: 14217A32A19F058AEB54AF23E840128B3A4FBA8FA4F195175CE4D27764CF3CE461C340
                                Function 00007FFE13231904 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Object_$Err_InstanceStringSubclass
                                • String ID: abstract class
                                • API String ID: 1122563627-1623945838
                                • Opcode ID: 6c7db8fb0eb44c7424908bf4032845ff0e9bfd72eafbca4c076b0be6399d20a6
                                • Instruction ID: 922681a78f7a7f6d9af1a3b17a935a9ff77422d46b2f5a6f4f44719636d8e70e
                                • Opcode Fuzzy Hash: 6c7db8fb0eb44c7424908bf4032845ff0e9bfd72eafbca4c076b0be6399d20a6
                                • Instruction Fuzzy Hash: 45213A20A0CE0789FA50BB27E850079A769AFE9FF0F1495B1DE0E722B5DE2CF451C600
                                Function 00007FFE1323402C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE13233A00: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE13233A4B
                                • PyUnicode_FromStringAndSize.PYTHON311 ref: 00007FFE13234090
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: FromSizeStringUnicode___stdio_common_vsprintf
                                • String ID: :%x$ctypes object structure too deep
                                • API String ID: 1484205955-3091822184
                                • Opcode ID: 2459c21495d6783b8173aaa301187f361a2d8e91fe46e9680da2c72f9c63c0db
                                • Instruction ID: 9ef9aee137220e91b3cda1f8ae4d903dd6555be1d6d7f3d1404e586f0ee7b5d6
                                • Opcode Fuzzy Hash: 2459c21495d6783b8173aaa301187f361a2d8e91fe46e9680da2c72f9c63c0db
                                • Instruction Fuzzy Hash: 6A214F31718E86D9EA20DB16E4402A9A3A0FBDC7A0F444175DA8D67775DE3CE245C700
                                Function 00007FFE11ED4984 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatFromLongLong_RestoreSaveSignalsSys_connect
                                • String ID: connect_ex$socket.connect
                                • API String ID: 3879675179-935070752
                                • Opcode ID: 519d91c1521d7ca2a279efb283116c1a82e5b0cbd6912119feca9d2d0b2f093f
                                • Instruction ID: 2e7d2445149631891ee013a0c49a97c76346330fc7238d79ca886c19f5785d76
                                • Opcode Fuzzy Hash: 519d91c1521d7ca2a279efb283116c1a82e5b0cbd6912119feca9d2d0b2f093f
                                • Instruction Fuzzy Hash: 08111E21B18E8281EF609BE3FC117E763A8FF54BE4F442576DA4D47A69EE2CE1048740
                                Function 00007FFE1323A840 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AuditErr_StringSys_
                                • String ID: abstract class$ctypes.cdata
                                • API String ID: 1384585920-3531133667
                                • Opcode ID: 9146581257e5cd249a8ce15bd5017c0ced05df42edf8eab21e35891fecd2194b
                                • Instruction ID: c2b9308455db4b1efedd8668694baddde40ddbcc256fedc63d1d6bd2a1f747cb
                                • Opcode Fuzzy Hash: 9146581257e5cd249a8ce15bd5017c0ced05df42edf8eab21e35891fecd2194b
                                • Instruction Fuzzy Hash: 5201F721B19F4285EB44AB13F894179BBA0FBD9FA4B0494B5DA4DA7764EF2CE152C300
                                Function 00007FFE13233E98 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                • bytes or integer address expected instead of %s instance, xrefs: 00007FFE13238AEB
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Long$Bytes_Long_MaskStringUnsigned
                                • String ID: bytes or integer address expected instead of %s instance
                                • API String ID: 3464282214-706233300
                                • Opcode ID: c48ceac9eea2b1fa827f2cbb00a6abdd9340ea2753a13b5f87d6d5264b647cc5
                                • Instruction ID: 2f0bef09dda99325017abbb2893cd0c3e030e612e2ad4d12214fdfd2b73e4cf6
                                • Opcode Fuzzy Hash: c48ceac9eea2b1fa827f2cbb00a6abdd9340ea2753a13b5f87d6d5264b647cc5
                                • Instruction Fuzzy Hash: 97011B76A09E46C9EB40AF17E840238A360BBA8BA4F508472CE4E57320CE3CE495C340
                                Function 00007FFE1323DD4C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AuditDeallocFromLongLong_Sys_
                                • String ID: ctypes.get_errno
                                • API String ID: 2276389247-2892954555
                                • Opcode ID: c6ace954750aef6584acdef0dbafe0f2db3ad2dcd629e74672a8309c43f57945
                                • Instruction ID: 5929a6672a5d4b82c67411fd1309acf0b49330d53dfc8f73ca75592b79035730
                                • Opcode Fuzzy Hash: c6ace954750aef6584acdef0dbafe0f2db3ad2dcd629e74672a8309c43f57945
                                • Instruction Fuzzy Hash: 20F0A922B19F42C6EA44AB27E944179B2A1EFE87E0F445074DA4E57774DF3CE490C700
                                Function 00007FFE1323DDCC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AuditDeallocFromLongLong_Sys_
                                • String ID: ctypes.get_last_error
                                • API String ID: 2276389247-1232113872
                                • Opcode ID: 853979658a44e765c27009c70b8a62aa63505b1bac88553f7faa954c15010c56
                                • Instruction ID: bd087fc9f3a0160153deb206fda984d1c2b69df2358a20f5f66b4b9d01cbab4a
                                • Opcode Fuzzy Hash: 853979658a44e765c27009c70b8a62aa63505b1bac88553f7faa954c15010c56
                                • Instruction Fuzzy Hash: 09F08622B19F42C5EA44AB37E944178B2A1EFE8BA0F484074D90E567B4DE2CE190C700
                                Function 00007FFE13234F04 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_LongLong_MaskStringUnicode_Unsigned
                                • String ID: function name must be string, bytes object or integer
                                • API String ID: 2115587880-3177123413
                                • Opcode ID: 81ea3209a1b354214586730592f4c670ad1da60d41d4e62eb4eacb33d520f56b
                                • Instruction ID: 5ab4eec1943e9993c77bb7206c9e4c638acfa3196eff02af5e4eb9cf82abd2c2
                                • Opcode Fuzzy Hash: 81ea3209a1b354214586730592f4c670ad1da60d41d4e62eb4eacb33d520f56b
                                • Instruction Fuzzy Hash: 19018622B19E02C9FB25AB67D8542786251BFEDB64F4480F1C84D677B0EE2C5485C300
                                Function 00007FFE1323D9D4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_AuditCallObject_ParseSys_Tuplememset
                                • String ID: O&O!$ctypes.call_function
                                • API String ID: 886791329-313584727
                                • Opcode ID: 17adec98670e9f6cdebf84fa662457cca95efbc4de64805adf32e68e07ce2538
                                • Instruction ID: f52c0f2650243bf9fb062f565053a086a38cc28abc386ff9ff2149fb8c302cc3
                                • Opcode Fuzzy Hash: 17adec98670e9f6cdebf84fa662457cca95efbc4de64805adf32e68e07ce2538
                                • Instruction Fuzzy Hash: 0E016D76A18F46CAEB00EF12E4447AAA7A0FB987A4F404176DA4D13774DF3CE185C740
                                Function 00007FFE1323DA68 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_AuditCallObject_ParseSys_Tuplememset
                                • String ID: O&O!$ctypes.call_function
                                • API String ID: 886791329-313584727
                                • Opcode ID: 956f25cfe963604cb9d4e30e000f0088442d622793c0436951a4906829bed983
                                • Instruction ID: a436d56887113a49de32c53d0985ae687c57f75521043cf7413a9429dd052c33
                                • Opcode Fuzzy Hash: 956f25cfe963604cb9d4e30e000f0088442d622793c0436951a4906829bed983
                                • Instruction Fuzzy Hash: 6B018072A18F46C6E700EF12E8447A9A7A4FBE87A4F4041B6EA4C12674DF3CE149CB40
                                Function 00007FFE13232F60 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocErr_String
                                • String ID: _type_ must be a type$_type_ must have storage info
                                • API String ID: 1259552197-214983684
                                • Opcode ID: f9c93959e9af95d6c9b4c14054f54ac853c0c588ad50044a4a2a3fec31618313
                                • Instruction ID: 8a3e70b9d6c7569c49b7499b7d7e256d0ce67f5be67b5f56b7650ed906a4d6d0
                                • Opcode Fuzzy Hash: f9c93959e9af95d6c9b4c14054f54ac853c0c588ad50044a4a2a3fec31618313
                                • Instruction Fuzzy Hash: 8201FF75A09F02C9EE54BB16D440178A2A0AFEEBB0F5485B1D90D722B0DF2CA584C701
                                Function 00007FFE1323E7AC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_String
                                • String ID: cannot be converted to pointer
                                • API String ID: 1450464846-3065012988
                                • Opcode ID: ba69f6be1e03f64db6319ffa1c479f40c92e1bf7f208d3a0c57e532b4c3c8d90
                                • Instruction ID: 2f452e7c6160914ea4f86f1e61677d1b8bee2e117ad9e13e0e1e84eec1160913
                                • Opcode Fuzzy Hash: ba69f6be1e03f64db6319ffa1c479f40c92e1bf7f208d3a0c57e532b4c3c8d90
                                • Instruction Fuzzy Hash: FA014F62E08E46D9FA40AB16E480338A3A0FBE8FA4F149071D90D17374DE3CE4C4C700
                                Function 00007FFE1323B1F8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Callable_CheckDeallocErr_String
                                • String ID: the errcheck attribute must be callable
                                • API String ID: 3907376375-3049503998
                                • Opcode ID: 40a5e4c9387a9eacadc56f8a50b5cb35d6fcf5bb7bd3e5eec0ef331718cf67ff
                                • Instruction ID: 433e5a6915d067261fc5389d62e7aff56f6efb64386efa453645e2036999f3d6
                                • Opcode Fuzzy Hash: 40a5e4c9387a9eacadc56f8a50b5cb35d6fcf5bb7bd3e5eec0ef331718cf67ff
                                • Instruction Fuzzy Hash: 99F04421A0CE42C6EE98AF67E954138A360BFE9BB4F54C271CE5D56170DF2CE495C300
                                Function 00007FFE13302630 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE133069C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE133025CE), ref: 00007FFE133069CE
                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1330266E
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abortterminate
                                • String ID: MOC$RCC$csm
                                • API String ID: 661698970-2671469338
                                • Opcode ID: e63037d86fd6ed08c01758bd2d278b6a49b1453d2f75febe4acf0c3d16fc865e
                                • Instruction ID: a8db44579c1c0dcdacbc95ca0ff6cd286c06ac6db6ab13829fc78da8494d7f10
                                • Opcode Fuzzy Hash: e63037d86fd6ed08c01758bd2d278b6a49b1453d2f75febe4acf0c3d16fc865e
                                • Instruction Fuzzy Hash: 67F0AF32908E0ACAE7505B62E18006D7260EB58B74F1951B0CBAC53666CF7CD490CB04
                                Function 00007FFE13239A20 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$Long_OccurredStringVoid
                                • String ID: integer expected
                                • API String ID: 1621529885-2140524511
                                • Opcode ID: 7b49f154c6c6e067b1201768131b658a8a7bf5851dad34e5bb971b0d47541ff1
                                • Instruction ID: de7d1ceac4960627ec4fca9171ad07fcf1499f7dab81b3ce6b7fc9f6dec0fa70
                                • Opcode Fuzzy Hash: 7b49f154c6c6e067b1201768131b658a8a7bf5851dad34e5bb971b0d47541ff1
                                • Instruction Fuzzy Hash: A7F01721B08E46C9EA44AB57E595239A7A0AFE9BE4F1491B0D94E27374DE2CE484C700
                                Function 00007FFE126E120C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26COMMON
                                Download Yara Rule
                                APIs
                                • PyLong_AsUnsignedLongLong.PYTHON311(?,?,00000006,00007FFE126E0080), ref: 00007FFE126E1219
                                • PyErr_Occurred.PYTHON311(?,?,00000006,00007FFE126E0080), ref: 00007FFE126E1222
                                • PyErr_SetString.PYTHON311(?,?,00000006,00007FFE126E0080), ref: 00007FFE126E5AD1
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                • String ID: Value too large for uint32_t type
                                • API String ID: 944333170-1712686559
                                • Opcode ID: 9bd35320a0081bffd2fdba9bc7a0431c058ebd7055e0bc2aeb8b7046bc9156ca
                                • Instruction ID: fe560a10fb2ce8e529a29055230b6ad0e2967ed03b774476edbab45198a9882f
                                • Opcode Fuzzy Hash: 9bd35320a0081bffd2fdba9bc7a0431c058ebd7055e0bc2aeb8b7046bc9156ca
                                • Instruction Fuzzy Hash: 9FF0FE21B18E03C9EB10DB27FCD41B92360AB48BA4F1454B4D90E8A2B5DEBCE8999700
                                Function 00007FFE126E5FF8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                • String ID: Value too large for lzma_match_finder type
                                • API String ID: 944333170-1161044407
                                • Opcode ID: 1992f4a12c7c1f0ebfb6e28e4b31a1bc126eea938d55d2ae515accdf1517bb11
                                • Instruction ID: ee4714fb64d81f0a07196c614c1003b847909d4137fc987b02b7c442bc6560f3
                                • Opcode Fuzzy Hash: 1992f4a12c7c1f0ebfb6e28e4b31a1bc126eea938d55d2ae515accdf1517bb11
                                • Instruction Fuzzy Hash: 93F0FE21A18E47C9EF508F17FD841796360AF44BA4F1840B5D95D463F4DEBDEC559700
                                Function 00007FFE126E6050 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                • String ID: Value too large for lzma_mode type
                                • API String ID: 944333170-1290617251
                                • Opcode ID: 01b3de0eb10288a7028a831af74b25852f10dc5678a4325c86ea28051705c33e
                                • Instruction ID: 64b3a355a7688f226d67755f448752a2d8dcf9342b54bf15fbca675d8dab779f
                                • Opcode Fuzzy Hash: 01b3de0eb10288a7028a831af74b25852f10dc5678a4325c86ea28051705c33e
                                • Instruction Fuzzy Hash: FBF0FE21A18E43D9EF509F27EE841796360AF48BA4F1854B4D91D462F5DEBDF8948300
                                Function 00007FFE11ED5CC8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                • <socket object, fd=%ld, family=%d, type=%d, proto=%d>, xrefs: 00007FFE11ED5CE1
                                • no printf formatter to display the socket descriptor in decimal, xrefs: 00007FFE11ED5D07
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_FormatFromStringUnicode_
                                • String ID: <socket object, fd=%ld, family=%d, type=%d, proto=%d>$no printf formatter to display the socket descriptor in decimal
                                • API String ID: 1884982852-285600062
                                • Opcode ID: 21ded50ad9b951d9327c489c5827ede9c202102ff5d17ea57af7a995111f4177
                                • Instruction ID: 54b22e6dbacc092ad649d8b9803e8672428913d7f22528b540ee692f5bb82c60
                                • Opcode Fuzzy Hash: 21ded50ad9b951d9327c489c5827ede9c202102ff5d17ea57af7a995111f4177
                                • Instruction Fuzzy Hash: 33F03AB0A0894282DF108B6ADC1052A2365FB55BB8F602771C93E476F4EE2CE406C700
                                Function 00007FFE13238162 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 12COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                • second item in _fields_ tuple (index %zd) must be a C type, xrefs: 00007FFE1323817E
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocErr_FormatFreeMem_
                                • String ID: second item in _fields_ tuple (index %zd) must be a C type
                                • API String ID: 3237669406-2717732800
                                • Opcode ID: 6c5e0c61733740b2a0fd8058cc8b9152b4a417e0ab55625c6ded04eac5423bae
                                • Instruction ID: 4e6831e943219de169157907044ca735fd02f3dc6b8c9f50261d7c5db22df97c
                                • Opcode Fuzzy Hash: 6c5e0c61733740b2a0fd8058cc8b9152b4a417e0ab55625c6ded04eac5423bae
                                • Instruction Fuzzy Hash: 93E0EC24A0CE43CAFA40BB27A854038A720BFE5FB0B1042B1DD1E622F0CE3CA189D200
                                Function 00007FFE1330A058 Relevance: 6.2, APIs: 4, Instructions: 193COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID:
                                • API String ID: 2943138195-0
                                • Opcode ID: 648336d396e82ff845145f22116d02ab074a94aa94e21a1e761fb2f6b175ab31
                                • Instruction ID: 718d69e801501cd69cae10bef43c98458262634a1b8fde5e09843f6b6fa8fe40
                                • Opcode Fuzzy Hash: 648336d396e82ff845145f22116d02ab074a94aa94e21a1e761fb2f6b175ab31
                                • Instruction Fuzzy Hash: FE915D32E08A568DF7118BA6E8403AC27B1BB24728F5441B5DE6D376B5DF7CA846C348
                                Function 00007FFE1330A814 Relevance: 6.1, APIs: 4, Instructions: 133COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+$NameName::
                                • String ID:
                                • API String ID: 168861036-0
                                • Opcode ID: 98efd56155e24b1ceec94087ea0ccb087ffd731ce7e45ec66b02000ff67e82c1
                                • Instruction ID: e4ee95be02dd5c414299f1e095391cf9ab7cf7bed956043150bbfc8f7a6db2b0
                                • Opcode Fuzzy Hash: 98efd56155e24b1ceec94087ea0ccb087ffd731ce7e45ec66b02000ff67e82c1
                                • Instruction Fuzzy Hash: 35517972A18E5A8DF7118F62E8407BC37A0BB64B64F148571DAAD277B6DF38E442C304
                                Function 00007FFE126D8190 Relevance: 6.1, APIs: 4, Instructions: 100threadCOMMON
                                Download Yara Rule
                                APIs
                                • PyType_GetModuleState.PYTHON311(?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126D81C5
                                  • Part of subcall function 00007FFE126E234C: PyBytes_FromStringAndSize.PYTHON311(?,?,?,00007FFE126D81DF,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E2383
                                  • Part of subcall function 00007FFE126E234C: PyList_New.PYTHON311(?,?,?,00007FFE126D81DF,?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126E2396
                                • PyEval_SaveThread.PYTHON311(?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126D81EC
                                • PyEval_RestoreThread.PYTHON311(?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126D8205
                                • _Py_Dealloc.PYTHON311(?,?,?,00000000,?,?,?,00007FFE126D7E4D), ref: 00007FFE126D82C0
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Bytes_DeallocFromList_ModuleRestoreSaveSizeStateStringType_
                                • String ID:
                                • API String ID: 2935988267-0
                                • Opcode ID: 8f38ee065ad073efe6d3612923c705ed0b9f0ca6d749be3130afc58a7f696932
                                • Instruction ID: d03f1a30da49fb1d6ef14407d18c27c6fb5c8b106428d7d59506fdf6e38a79f3
                                • Opcode Fuzzy Hash: 8f38ee065ad073efe6d3612923c705ed0b9f0ca6d749be3130afc58a7f696932
                                • Instruction Fuzzy Hash: B8419622A09E4A86EA64DB279C882BD2394FF847A8F244175DA4D437F4DF7DE946C340
                                Function 00007FFE1330CC48 Relevance: 6.1, APIs: 4, Instructions: 86COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+$Replicator::operator[]
                                • String ID:
                                • API String ID: 3863519203-0
                                • Opcode ID: 59a8e1a8bea4fa0d3053ac7b282f3cf586ef513a0d49dabd13085b0ba4a6c699
                                • Instruction ID: eaec0d5a66fcf5e4d916d7639db6f4bc95ddd281ceb78455f57d126bdeb11899
                                • Opcode Fuzzy Hash: 59a8e1a8bea4fa0d3053ac7b282f3cf586ef513a0d49dabd13085b0ba4a6c699
                                • Instruction Fuzzy Hash: 93417972A04B85CDEB01CF65D8403AC77B0BB64B68F548075DA5D6B76ADF3C9441C354
                                Function 00007FFE11ED3BA8 Relevance: 6.1, APIs: 4, Instructions: 75threadtimeCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$RestoreSaveTime_Timeval_clampselect
                                • String ID:
                                • API String ID: 3905867726-0
                                • Opcode ID: 947ac965c37a758a9fa8a6c53622192885134dfb450c88c4b3ce8717958678c4
                                • Instruction ID: a3938c197cd46c5b237d0740af9e4b3d1b6e0abde7e5fb73e1048f0cda227e01
                                • Opcode Fuzzy Hash: 947ac965c37a758a9fa8a6c53622192885134dfb450c88c4b3ce8717958678c4
                                • Instruction Fuzzy Hash: 6C31B472B0CF8286EB648FA7AC4466B63A4FB887B4F501275DA6D437A4DF3CD4058710
                                Function 00007FFE1323B42C Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Mem_$DeallocFreeMallocmemcpy
                                • String ID:
                                • API String ID: 1346496523-0
                                • Opcode ID: 8c08fdf6c3f6743b583b35e04fc598e2fc29906b9b2b5698a8cb90300fdd1926
                                • Instruction ID: 160cb4448964f35f5c7d5462897bf084679ef37dcb029a0a298b6923881cea5b
                                • Opcode Fuzzy Hash: 8c08fdf6c3f6743b583b35e04fc598e2fc29906b9b2b5698a8cb90300fdd1926
                                • Instruction Fuzzy Hash: DF215E62A19F4286EB54AF12E950038A7A0FBACFA4B044575DB4D67764EF3CD491C344
                                Function 00007FFE132349BC Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Descr_Dict_ItemString
                                • String ID:
                                • API String ID: 975051370-0
                                • Opcode ID: cbfa8e76cbb37faade4b4752a761ba53e7deef88f0e4638b9d9c9114bc06fd37
                                • Instruction ID: 987554fdc58e854639dbd73510cc363e6544896279c77fce9439eb5840c4924e
                                • Opcode Fuzzy Hash: cbfa8e76cbb37faade4b4752a761ba53e7deef88f0e4638b9d9c9114bc06fd37
                                • Instruction Fuzzy Hash: A9115125B1DE4289EE54AB13A910379A250EFADFE0F1841B0DE4E637A5DF3CD491C300
                                Function 00007FFE132315F4 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE132322B0: _PyObject_MakeTpCall.PYTHON311 ref: 00007FFE13232301
                                • PyWeakref_NewProxy.PYTHON311(?,?,00000000,00007FFE1323156A), ref: 00007FFE1323163E
                                • PyDict_SetItem.PYTHON311(?,?,00000000,00007FFE1323156A), ref: 00007FFE1323165F
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323156A), ref: 00007FFE13236A71
                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1323156A), ref: 00007FFE13236A80
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$CallDict_ItemMakeObject_ProxyWeakref_
                                • String ID:
                                • API String ID: 1512266493-0
                                • Opcode ID: edfa2a0c717579e9911386e870fa1321e468c4d2dd0d8facd930d0c933b2ac38
                                • Instruction ID: 12f9e30ad69bd8b4d933edd257547564d495b2da5289b62222767f4226f5a620
                                • Opcode Fuzzy Hash: edfa2a0c717579e9911386e870fa1321e468c4d2dd0d8facd930d0c933b2ac38
                                • Instruction Fuzzy Hash: 16116D21A49E4289EA54AF27A840079A3A4FBE9BE0B1C8171DE4E277A5CE3CE451C700
                                Function 00007FFE13219B99 Relevance: 6.0, APIs: 4, Instructions: 45threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocFreeMem_Thread_free_lock
                                • String ID:
                                • API String ID: 2783890233-0
                                • Opcode ID: 5aeb15387b95166676224402c5d5f2316a130d4eb9e2bcf5365a9fe41ac904a5
                                • Instruction ID: 60a22411521ee20d9155c72c6c7318c27339a95f925651c259a5ee6b124f6c5e
                                • Opcode Fuzzy Hash: 5aeb15387b95166676224402c5d5f2316a130d4eb9e2bcf5365a9fe41ac904a5
                                • Instruction Fuzzy Hash: 09114C32B0DE42C9EB5AAF269A5437C2360AFE5F94F0840B1CA4E576A7CF2CD854C340
                                Function 00007FFE11ED4BE4 Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Err_RestoreSaveStringgetpeernamememset
                                • String ID:
                                • API String ID: 1387529023-0
                                • Opcode ID: 1c7e6d5011a2135e8c06ff2d843152878263a225684895c46d3c4021394f55f9
                                • Instruction ID: c697bc92c11dfacdc9c0558091649ef298c33cb1a366870bbdac1350c60821d2
                                • Opcode Fuzzy Hash: 1c7e6d5011a2135e8c06ff2d843152878263a225684895c46d3c4021394f55f9
                                • Instruction Fuzzy Hash: 7611216161CF8282EF709BA2F8403ABA365FB987A4F405572DA8D17A69DF3CE1458740
                                Function 00007FFE11ED4CA4 Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$Err_RestoreSaveStringgetsocknamememset
                                • String ID:
                                • API String ID: 772546412-0
                                • Opcode ID: 1577330f62de6ded43e8dddc616ca128f006a8c56b02915f3c7181489a52fc15
                                • Instruction ID: d5fa514298839346997bb4c1617cf71c10f37623c4191d753ad1adf5962b83bd
                                • Opcode Fuzzy Hash: 1577330f62de6ded43e8dddc616ca128f006a8c56b02915f3c7181489a52fc15
                                • Instruction Fuzzy Hash: A3111F2561CF8282EF709BA3F8403ABA365FB987A4F405572DA8D17A69DF3CE1458700
                                Function 00007FFE126D771C Relevance: 6.0, APIs: 4, Instructions: 36threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocFreeMem_Thread_free_lock
                                • String ID:
                                • API String ID: 2783890233-0
                                • Opcode ID: ded47ae1821033afc235da8da11ac421acedd777b947b69bb705572841b9da8d
                                • Instruction ID: c9566b359182507ca1ace97a825c4e19c83a56b5bca816599902c2d590c7b13b
                                • Opcode Fuzzy Hash: ded47ae1821033afc235da8da11ac421acedd777b947b69bb705572841b9da8d
                                • Instruction Fuzzy Hash: C7010022A09DCA86EB9D8F63EC9437C2360EF44BA4F184475DA5E061F4CF6C9845C351
                                Function 00007FFE1323C458 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dealloc$Object_Track
                                • String ID:
                                • API String ID: 887704541-0
                                • Opcode ID: 3d42f6f96641afa8e40a9b95133215a649903610cae807ab0b9964238f53290f
                                • Instruction ID: 884a30f4896e24a96c6092a6c0114bd76fec5e693afdf20aac17f67f967114ed
                                • Opcode Fuzzy Hash: 3d42f6f96641afa8e40a9b95133215a649903610cae807ab0b9964238f53290f
                                • Instruction Fuzzy Hash: E801BF35E0AE12C9FE59AF77A8541386360AFE9F74F1481B0CE4E13670CE2DA481C350
                                Function 00007FFE11ED4864 Relevance: 6.0, APIs: 4, Instructions: 30threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Eval_Thread$RestoreSave_errnoclosesocket
                                • String ID:
                                • API String ID: 1624953543-0
                                • Opcode ID: 1179f49cef2614599ac27385311664bb38b10ace598ec30c3f873f2a9e03a6a8
                                • Instruction ID: 33d3bfa0c8da144b64e3907dfcbc1128898d93adc38b797a4fb6d1c1f5dc57c0
                                • Opcode Fuzzy Hash: 1179f49cef2614599ac27385311664bb38b10ace598ec30c3f873f2a9e03a6a8
                                • Instruction Fuzzy Hash: 4EF04F25A08F5182EB145BA7B84446A73A4EB54BB0B442770DA7E03BF4CF3CD445C300
                                Function 00007FFE1323C8D4 Relevance: 6.0, APIs: 4, Instructions: 28COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: State_$EnsureInitializeInitializedRelease
                                • String ID:
                                • API String ID: 2621580956-0
                                • Opcode ID: 228736a826a5a1ff67be1b297f58c8bae0a48c2954096bea5476443be523e544
                                • Instruction ID: 8b01099eb998b95ee432a777c00fe37df15979729462d1465c25d6c6c5e01603
                                • Opcode Fuzzy Hash: 228736a826a5a1ff67be1b297f58c8bae0a48c2954096bea5476443be523e544
                                • Instruction Fuzzy Hash: 11F03021B08F91CAEB406B63B844029A260ABE8FE0F588474EE4953725DE3CD481C700
                                Function 00007FFE11ED7310 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DecodeDefaultErr_ErrnoFromLongLong_Unicode_Unsignedif_indextoname
                                • String ID:
                                • API String ID: 1147600871-0
                                • Opcode ID: 90c782a69252593657e351c54f1b06e3e0398504c2af1d4c3f456dd59c26aa3c
                                • Instruction ID: 6845042c0bdf85c6a59a6465e960e787f001da0c561fbd79964df3e7673923ed
                                • Opcode Fuzzy Hash: 90c782a69252593657e351c54f1b06e3e0398504c2af1d4c3f456dd59c26aa3c
                                • Instruction Fuzzy Hash: 85F01221E18E8281EF609762EC5537A23A4BF88B78F842571D95E862B4DE3CE1098600
                                Function 00007FFE133049B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: abort$CreateFrameInfo
                                • String ID: csm
                                • API String ID: 2697087660-1018135373
                                • Opcode ID: 5e4671b1cbff3658d511699c3cf653202505efa909c7ec854f7fa1af4338784c
                                • Instruction ID: 0218ea62598222a8ddc72f35414b3980a85455a2c45be5b3f598effeba7b4273
                                • Opcode Fuzzy Hash: 5e4671b1cbff3658d511699c3cf653202505efa909c7ec854f7fa1af4338784c
                                • Instruction Fuzzy Hash: 25514C36618B418AD620EB17E04026EB7A4FB99BB0F100574EBED17B65DF3CE454CB48
                                Function 00007FFE13309F44 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Name::operator+
                                • String ID: void$void
                                • API String ID: 2943138195-3746155364
                                • Opcode ID: 7dcf970a61f58172c3a4f39e178d28c376ed2dbead67cac1058dce2bd18ce07b
                                • Instruction ID: feac4a2ee1841089dd59858a25aa212951e0fc262ec0205dc9cdde8dbf5ea82e
                                • Opcode Fuzzy Hash: 7dcf970a61f58172c3a4f39e178d28c376ed2dbead67cac1058dce2bd18ce07b
                                • Instruction Fuzzy Hash: 2A315962E18F598CFB01CBA1E8410FC37B0BB68758B444676EE6D62B69DF3C9144C758
                                Function 00007FFE11ED40D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 61COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE11ED7AE8: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE11ED7B2C
                                • PyErr_SetString.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE11ED3635), ref: 00007FFE11ED41AF
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_String__stdio_common_vsscanf
                                • String ID: %X:%X:%X:%X:%X:%X%c$bad bluetooth address
                                • API String ID: 3283897942-3956635471
                                • Opcode ID: 2a7f0246533caa97d69931e1c2b3aab3f1e9f99ef436862b711c96c1fe23d8e7
                                • Instruction ID: 09423448bfe528867dfb709239fad846b6928e22c0a477cdbd30b67427664f56
                                • Opcode Fuzzy Hash: 2a7f0246533caa97d69931e1c2b3aab3f1e9f99ef436862b711c96c1fe23d8e7
                                • Instruction Fuzzy Hash: 5721AC72718E9182DF508B92E8880AD73AAF7447E0F419136EAAC47B68DF3DD954C710
                                Function 00007FFE133062EF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: FileHeader$ExceptionRaise
                                • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                • API String ID: 3685223789-3176238549
                                • Opcode ID: 7bbd72394c3e749fc10370465baa4d9a755cb91736d17097c685b3404c0deaff
                                • Instruction ID: 9e5c7bbe6796ba12e26c4987d14cac579b5bc62be22068980f5f175ad6420c0d
                                • Opcode Fuzzy Hash: 7bbd72394c3e749fc10370465baa4d9a755cb91736d17097c685b3404c0deaff
                                • Instruction Fuzzy Hash: C501D461E29E4AD9EF40CB12E4501BC6320FFA0BB4F5050B1E56E1667EEF6CE544D708
                                Function 00007FFE1323EDAC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_FormatLongLong_
                                • String ID: one character bytes, bytearray or integer expected
                                • API String ID: 832222675-2748977362
                                • Opcode ID: 4171aea13ba1fa0aee4d8e851ffe7b5e382af772fa60775af7b968a914772540
                                • Instruction ID: 8e77f055802db28ed0a7670fe7aed307ad270d451581935b7c7d1d0a4861bcd4
                                • Opcode Fuzzy Hash: 4171aea13ba1fa0aee4d8e851ffe7b5e382af772fa60775af7b968a914772540
                                • Instruction Fuzzy Hash: 47112123A09E4689EB55AF27D444179A7A0EFE9BA4F1890B1CA4D57371CE2CD498C740
                                Function 00007FFE13232DC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocErr_String
                                • String ID: abstract class
                                • API String ID: 1259552197-1623945838
                                • Opcode ID: 889cc83bd7e42d210c141f1a36b7b4f58b9fb1ebab554f935c723b1e3cc6fbc7
                                • Instruction ID: cf386bb1013da1aa67ab21dacf92a57ede065e1e9f194e687b6e1e604ecfd864
                                • Opcode Fuzzy Hash: 889cc83bd7e42d210c141f1a36b7b4f58b9fb1ebab554f935c723b1e3cc6fbc7
                                • Instruction Fuzzy Hash: D1116921A09F0685EA54AB17E555378A7A0EFEEBB1F185174CA0D673A1DF3CE444C340
                                Function 00007FFE13306690 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ExceptionFileHeaderRaise
                                • String ID: csm
                                • API String ID: 2573137834-1018135373
                                • Opcode ID: 51a2530866bc70b3fa6e7487cc130fe87b9602d28e5a22477376607ad08b6180
                                • Instruction ID: 25506e3256de541bfee2117c3919f70a949aa3c1ca64247e38b9531298f7d647
                                • Opcode Fuzzy Hash: 51a2530866bc70b3fa6e7487cc130fe87b9602d28e5a22477376607ad08b6180
                                • Instruction Fuzzy Hash: 80114C32A08F8582EB208F26F44026DB7A5FB98BA4F284271DE9C17769DF3DD5558B04
                                Function 00007FFE1323A15C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                Download Yara Rule
                                APIs
                                • PyErr_SetString.PYTHON311 ref: 00007FFE1323A185
                                  • Part of subcall function 00007FFE1323AA7C: PyErr_SetString.PYTHON311(?,?,?,?,00007FFE1323947D,?), ref: 00007FFE1323AABD
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_String
                                • String ID: NULL pointer access$Pointer does not support item deletion
                                • API String ID: 1450464846-1262937747
                                • Opcode ID: cc63e7bd2d2a3bc22265ebdaaeb10ee6e24a6e51b4ebc2f3b89706aefd929760
                                • Instruction ID: 8d652450625d6cf578840e547ab40931ca7e47e650b0d8be5eeb9714a9563244
                                • Opcode Fuzzy Hash: cc63e7bd2d2a3bc22265ebdaaeb10ee6e24a6e51b4ebc2f3b89706aefd929760
                                • Instruction Fuzzy Hash: 9A011761A08F4685EA44EB57E8504B9B364BBEAFE4B108176DE8E677B5CF3CD580C340
                                Function 00007FFE11ED48D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE11ED3588: PyErr_Format.PYTHON311 ref: 00007FFE11ED37DF
                                • PySys_Audit.PYTHON311 ref: 00007FFE11ED492C
                                  • Part of subcall function 00007FFE11ED3A8C: PyEval_SaveThread.PYTHON311 ref: 00007FFE11ED3AAA
                                  • Part of subcall function 00007FFE11ED3A8C: connect.WS2_32 ref: 00007FFE11ED3ABD
                                  • Part of subcall function 00007FFE11ED3A8C: PyEval_RestoreThread.PYTHON311 ref: 00007FFE11ED3AC8
                                  • Part of subcall function 00007FFE11ED3A8C: WSAGetLastError.WS2_32 ref: 00007FFE11ED3AD6
                                  • Part of subcall function 00007FFE11ED3A8C: WSAGetLastError.WS2_32 ref: 00007FFE11ED3AE2
                                  • Part of subcall function 00007FFE11ED3A8C: PyErr_CheckSignals.PYTHON311 ref: 00007FFE11ED3AEF
                                  • Part of subcall function 00007FFE11ED3A8C: WSASetLastError.WS2_32 ref: 00007FFE11ED3B2C
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                • String ID: connect$socket.connect
                                • API String ID: 2206401578-326844852
                                • Opcode ID: c90c4b0266b91602e8161f23e50b03107fc391df7ee58c7270176e22ef8df320
                                • Instruction ID: b519b9f1041101968bb9aa2918cac01720a7c462ec20b68d5353b3acbc291baf
                                • Opcode Fuzzy Hash: c90c4b0266b91602e8161f23e50b03107fc391df7ee58c7270176e22ef8df320
                                • Instruction Fuzzy Hash: A9112A21708E8381EF208B93FC517E763A8EB54BE0F442176DA5C47A69DE2DE1448740
                                Function 00007FFE1323E98C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE1323EA24: PyType_IsSubtype.PYTHON311(?,?,?,?,00007FFE1323E889), ref: 00007FFE1323EA31
                                • PyErr_SetString.PYTHON311 ref: 00007FFE1323E9C8
                                  • Part of subcall function 00007FFE1323AA7C: PyErr_SetString.PYTHON311(?,?,?,?,00007FFE1323947D,?), ref: 00007FFE1323AABD
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_String$SubtypeType_
                                • String ID: can't delete attribute$not a ctype instance
                                • API String ID: 3320257282-2740123057
                                • Opcode ID: 18fbc3005ffdff5a035a76096331e82b7bdea77d6c35e831de142f80868fa9ec
                                • Instruction ID: ace6f971e423aede6178d893e73d883c38b92a1413611425be6459e4c4864e2c
                                • Opcode Fuzzy Hash: 18fbc3005ffdff5a035a76096331e82b7bdea77d6c35e831de142f80868fa9ec
                                • Instruction Fuzzy Hash: 74113C62A08F41C5EB50EF17E540069A3A4FB98FF4B104172EE9D63B69DF2CE555C700
                                Function 00007FFE13239638 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_ItemSequence_String
                                • String ID: args not a tuple?
                                • API String ID: 138718260-274370407
                                • Opcode ID: f981f7e703dfeb18ac4443360c7dfc39ae4566ed3aa42caf66e0419349738e14
                                • Instruction ID: 6474a9f7fb2283797861118b2fea1d60ddf2d8fc9e6e16080d4b952a3a8795a0
                                • Opcode Fuzzy Hash: f981f7e703dfeb18ac4443360c7dfc39ae4566ed3aa42caf66e0419349738e14
                                • Instruction Fuzzy Hash: 2A018C61B09F42C9E640AB16E440169A360FB99FB0F589271EE6D677A4CF2CD4D1C700
                                Function 00007FFE13239414 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_String
                                • String ID: Array does not support item deletion$invalid index
                                • API String ID: 1450464846-799983634
                                • Opcode ID: 67e0225e1662b2c6de7c64aa0e1a7725335fd733c618b52c26417df970fd658a
                                • Instruction ID: 680a3709840f3458f9fcfeb76dac92482344e88a1d8043e6cb0c42a959ba56a7
                                • Opcode Fuzzy Hash: 67e0225e1662b2c6de7c64aa0e1a7725335fd733c618b52c26417df970fd658a
                                • Instruction Fuzzy Hash: CF012962A08F4689EA00EB47E4505686774FBEABE0B4051B2DA5D63370EE3DD140C300
                                Function 00007FFE13234680 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                Download Yara Rule
                                APIs
                                • PyErr_SetString.PYTHON311(?,?,?,00007FFE13231959), ref: 00007FFE13238EE9
                                  • Part of subcall function 00007FFE13233DC0: _PyObject_New.PYTHON311(?,?,?,?,00007FFE132346A2,?,?,?,00007FFE13231959), ref: 00007FFE13233DCB
                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFE13231959), ref: 00007FFE13238EF4
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: DeallocErr_Object_String
                                • String ID: expected CData instance
                                • API String ID: 3982460303-1581534645
                                • Opcode ID: cb84d01ecd15a1eda4d8d1b175decd3e5ebb0d94a1c0848139c17e093e1ac344
                                • Instruction ID: 2bb53a55594ec905e2ae122fefc1c50ee8bc4bb12d17f01bc13a9f1eed476a77
                                • Opcode Fuzzy Hash: cb84d01ecd15a1eda4d8d1b175decd3e5ebb0d94a1c0848139c17e093e1ac344
                                • Instruction Fuzzy Hash: B6014F61A09F06C9EA14BB27D840038A7A0AFECF64F1444B0C91D6A770DF7DE599C351
                                Function 00007FFE1323B4F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AttrEqualGenericObject_StringUnicode_
                                • String ID: _fields_
                                • API String ID: 947992268-3196300388
                                • Opcode ID: c6dedb99678c499afd6badd1b017026620a4ab54dad84f9f25f416736ac5017a
                                • Instruction ID: e6133af4225f4ec25c7ec20589087924d553ccd1d10a2864621e6b65986455b0
                                • Opcode Fuzzy Hash: c6dedb99678c499afd6badd1b017026620a4ab54dad84f9f25f416736ac5017a
                                • Instruction Fuzzy Hash: 0BF04411B1CB8289EB50AF27B54022A9650AFA9FE0F589171DA1E566A4CE2CD581C700
                                Function 00007FFE1323B2A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Dict_Err_ItemString
                                • String ID: abstract class
                                • API String ID: 960913676-1623945838
                                • Opcode ID: 152bc656983328e65481e0599e2526a4dd7c8e873d35052210cfab64f93eb631
                                • Instruction ID: ff832043bbba732202953447ed1d86408fd59ad49caa6fee940d9ea537890017
                                • Opcode Fuzzy Hash: 152bc656983328e65481e0599e2526a4dd7c8e873d35052210cfab64f93eb631
                                • Instruction Fuzzy Hash: 03F04950A0CE06C9FA54AF67F8840785350AFE9BB0F149276DD2E667B5DE2CE495C300
                                Function 00007FFE13213858 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919114088.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                • Associated: 00000002.00000002.2919093321.00007FFE13210000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919137685.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919160821.00007FFE13221000.00000004.00000001.01000000.00000009.sdmpDownload File
                                • Associated: 00000002.00000002.2919181821.00007FFE13222000.00000002.00000001.01000000.00000009.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13210000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Arg_$KeywordsPositional
                                • String ID: BZ2Decompressor
                                • API String ID: 1300771297-1337346095
                                • Opcode ID: 358a44a62b11731d470d0bbb96af668936168ddb6404ce11f0731b6ca31f1a24
                                • Instruction ID: 4704f9c8b31bcbd2556f9536ce62a4f90fd0b02c99c519744db725c67a34cc3f
                                • Opcode Fuzzy Hash: 358a44a62b11731d470d0bbb96af668936168ddb6404ce11f0731b6ca31f1a24
                                • Instruction Fuzzy Hash: E6F06220F08E4285FA54BB27B744035A262AFE4BF0B5542B0EA2D576B6DF5CD445C700
                                Function 00007FFE1323C398 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AuditCharFromSys_Unicode_Wide
                                • String ID: ctypes.wstring_at
                                • API String ID: 614261396-2169766756
                                • Opcode ID: c82b687e7251797f6e5b90717e26ccc800462a1ff5413f444b11774fb9a74885
                                • Instruction ID: 1cf35ec6d0402bd9bce501cdfa5c7ba0503bb1ac7db6e910e5b50815f31200d7
                                • Opcode Fuzzy Hash: c82b687e7251797f6e5b90717e26ccc800462a1ff5413f444b11774fb9a74885
                                • Instruction Fuzzy Hash: B8F05451B18D4299EE546B63F9940B9A210AFACBF4B449371D93E971F0DD6CD194C301
                                Function 00007FFE1323C33C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: AuditBytes_FromSizeStringSys_
                                • String ID: ctypes.string_at
                                • API String ID: 1783689829-1910480597
                                • Opcode ID: ad0ccf7f71804dd0e038b4a23bae58c0fa799e11b1e17efbe4fa3c6d44ce38ba
                                • Instruction ID: 09ab8adf539737dc92ef2571ba2cf49015dcf2dd2c16cfd92dab944c71ba2568
                                • Opcode Fuzzy Hash: ad0ccf7f71804dd0e038b4a23bae58c0fa799e11b1e17efbe4fa3c6d44ce38ba
                                • Instruction Fuzzy Hash: 1AF03051B0CE6289EF60AB27A980178A6519FE9BF4F149371CD3E525F4DE1C9084D201
                                Function 00007FFE11ED3864 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918548701.00007FFE11ED1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11ED0000, based on PE: true
                                • Associated: 00000002.00000002.2918527409.00007FFE11ED0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918571891.00007FFE11ED8000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918593560.00007FFE11EE0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                • Associated: 00000002.00000002.2918613609.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe11ed0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_String
                                • String ID: getsockaddrlen: bad family$getsockaddrlen: unknown BT protocol
                                • API String ID: 1450464846-3381576205
                                • Opcode ID: cbb85a40afec8d8469eadcacea966656172139c73b3414318d60d7fc7aec7ced
                                • Instruction ID: 1c67b4ba4c63b219fcc2b9ca111cd91547c180db0c0dfdef7998b27e5292ecec
                                • Opcode Fuzzy Hash: cbb85a40afec8d8469eadcacea966656172139c73b3414318d60d7fc7aec7ced
                                • Instruction Fuzzy Hash: E9F01DF9D0C902C1FF648F8ACC5627EA2A9AB04760FA064B1C50D872F0CF7CE4959740
                                Function 00007FFE13232470 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: FromLong_Ssize_t
                                • String ID: this type has no size
                                • API String ID: 168540982-982649334
                                • Opcode ID: 6f14cdcc885872a6a1df23694bcedff85d145f2805944da9bd946685c2c050ae
                                • Instruction ID: 56404eb61662dc41d4488138f27a1bd77122fe452b0111aa1dfaa8bb2ba1adfc
                                • Opcode Fuzzy Hash: 6f14cdcc885872a6a1df23694bcedff85d145f2805944da9bd946685c2c050ae
                                • Instruction Fuzzy Hash: 0EF0AC51B18E03C9FE54BB67E851038A360AFEDFA4F1450B1CE0EA6671DE2CE494C250
                                Function 00007FFE1330EE00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FFE1330F050: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE1330F110
                                  • Part of subcall function 00007FFE1330F050: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FFE1330EE15), ref: 00007FFE1330F15F
                                  • Part of subcall function 00007FFE133069C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE133025CE), ref: 00007FFE133069CE
                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1330EE3A
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: CurrentImageNonwritableUnwindabortterminate
                                • String ID: csm$f
                                • API String ID: 4189928240-629598281
                                • Opcode ID: 41dc89b1ce5f079b65ce2aaee024a8a434243f0f20765bf48ba2e403aae6c5bc
                                • Instruction ID: 30d619e7705266f3b91a55b2f98b01caa803b1119babd844cf69a9ddf2b8b59f
                                • Opcode Fuzzy Hash: 41dc89b1ce5f079b65ce2aaee024a8a434243f0f20765bf48ba2e403aae6c5bc
                                • Instruction Fuzzy Hash: 49E02B72D08F46C8EB206B23B18413D67A0EF25B70F1880B0DAAC16A7ACF3CD4D0C209
                                Function 00007FFE1323DDFC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: PrintableUnicode_
                                • String ID: '$\
                                • API String ID: 1291510985-1366717710
                                • Opcode ID: 8f056e593a683e8d15de34f78a6f47cb157d5505191b12e7d535d23602ebe9e6
                                • Instruction ID: 8611c5bc0c76ad24ca9488416c41472735a89c549d318003461ab6a0abdca7ee
                                • Opcode Fuzzy Hash: 8f056e593a683e8d15de34f78a6f47cb157d5505191b12e7d535d23602ebe9e6
                                • Instruction Fuzzy Hash: 83E02621F3AE018AFB713727B88437552826BF8370F4C1070DA19022E8CD2CD8C1C380
                                Function 00007FFE1323E940 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: FormatFromUnicode_
                                • String ID: <Field type=%s, ofs=%zd, size=%zd>$<Field type=%s, ofs=%zd:%zd, bits=%zd>
                                • API String ID: 3889672380-2914491812
                                • Opcode ID: 08e4dafb61acecda0dd77ce9d4e7f7947246ca23280beaed436fd91f997484e9
                                • Instruction ID: da15f71046f263ce08cbf9b2c1cafadb92abb15ddc31968361742f5e32edeecf
                                • Opcode Fuzzy Hash: 08e4dafb61acecda0dd77ce9d4e7f7947246ca23280beaed436fd91f997484e9
                                • Instruction Fuzzy Hash: FEE01A76B04E41C6DB54EB0ED8414687720FBA9B68BA105A6CE4C23370CF3CD5BAC740
                                Function 00007FFE13233DF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Err_$OccurredString
                                • String ID: PyObject is NULL
                                • API String ID: 114435612-3221357749
                                • Opcode ID: 2e5002b93a88984c719b4076089918ef8885b05004490f6185a51e22d0327163
                                • Instruction ID: 3889b577da32fe8dc71a81d06a7fd99156aa312cd1e91560f469c60217edc93b
                                • Opcode Fuzzy Hash: 2e5002b93a88984c719b4076089918ef8885b05004490f6185a51e22d0327163
                                • Instruction Fuzzy Hash: 88E0BF10A0AE03D9EE457B27D84013467A0BFECB65F5484B5CA0E66370DE7CA099D740
                                Function 00007FFE1323F3B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Capsule_FreeMem_Pointer
                                • String ID: _ctypes/cfield.c pymem
                                • API String ID: 1268649101-2578739719
                                • Opcode ID: 13f5c1952ace5f4f8c9f181e4b2ebf5f0c2b934a391285e14cb501e27f568ab5
                                • Instruction ID: 2614caf76b335b817256b5eb779c272694c511e93c05eb21bc091c89e98aaf85
                                • Opcode Fuzzy Hash: 13f5c1952ace5f4f8c9f181e4b2ebf5f0c2b934a391285e14cb501e27f568ab5
                                • Instruction Fuzzy Hash: DCC01210E0AE42D5ED487B03A84413453607FA8B24F8444B4C50D25230EE7C64D9C700
                                Function 00007FFE1323DEB8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919228106.00007FFE13231000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13230000, based on PE: true
                                • Associated: 00000002.00000002.2919204380.00007FFE13230000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919251754.00007FFE13240000.00000002.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919274745.00007FFE13247000.00000004.00000001.01000000.00000007.sdmpDownload File
                                • Associated: 00000002.00000002.2919297506.00007FFE1324B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13230000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: Capsule_FreeMem_Pointer
                                • String ID: _ctypes pymem
                                • API String ID: 1268649101-201515578
                                • Opcode ID: 62ef90d10503a54e82f353289ff9a1ab72bad7d0f7bb64e3368930f79f513158
                                • Instruction ID: 8dfb3449471f4fc992547c7ce6d906d8f365374b7e5f5596bcf5903027c8471e
                                • Opcode Fuzzy Hash: 62ef90d10503a54e82f353289ff9a1ab72bad7d0f7bb64e3368930f79f513158
                                • Instruction Fuzzy Hash: EEC01210E0AF42CAEE48BB03AC840345760BFA8B25F8844B4C90E21230EE2CA099C300
                                Function 00007FFE126D9B80 Relevance: 5.1, APIs: 4, Instructions: 82COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2918657124.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                • Associated: 00000002.00000002.2918635528.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918684427.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918728516.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                • Associated: 00000002.00000002.2918748654.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe126d0000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: memmove
                                • String ID:
                                • API String ID: 2162964266-0
                                • Opcode ID: c068294ce80d76129103adf30cca446a873a09723e5147e2e41425c55f16ae33
                                • Instruction ID: e9c32e623541b2ab4c7a718b13346fe7eb9b3df39d20e2c6f517aff759b03b99
                                • Opcode Fuzzy Hash: c068294ce80d76129103adf30cca446a873a09723e5147e2e41425c55f16ae33
                                • Instruction Fuzzy Hash: 6A21E832708A45C7D710DF37A80406DB762FB54BA0B284039DB8E47BE5CEB9E451D704
                                Function 00007FFE133069DC Relevance: 5.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetLastError.KERNEL32(?,?,?,00007FFE13306859,?,?,?,?,00007FFE1330FF42,?,?,?,?,?), ref: 00007FFE133069FB
                                • SetLastError.KERNEL32(?,?,?,00007FFE13306859,?,?,?,?,00007FFE1330FF42,?,?,?,?,?), ref: 00007FFE13306A84
                                Memory Dump Source
                                • Source File: 00000002.00000002.2919340141.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                • Associated: 00000002.00000002.2919319410.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919366118.00007FFE13311000.00000002.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919387803.00007FFE13316000.00000004.00000001.01000000.00000006.sdmpDownload File
                                • Associated: 00000002.00000002.2919409941.00007FFE13317000.00000002.00000001.01000000.00000006.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_7ffe13300000_SecuriteInfo.jbxd
                                Similarity
                                • API ID: ErrorLast
                                • String ID:
                                • API String ID: 1452528299-0
                                • Opcode ID: bbe9895d534b658101cce7e74ca5bd95b80ee12bf15f37732e53d0ee5c009e2b
                                • Instruction ID: c5311685e5e83f571a07e14d483ead29766d62b4c63f4824d236fbe473c61dee
                                • Opcode Fuzzy Hash: bbe9895d534b658101cce7e74ca5bd95b80ee12bf15f37732e53d0ee5c009e2b
                                • Instruction Fuzzy Hash: A2115420F0DE028EFA509763A8041392291EF687F0F2446B4DD7E323F9DE2CA4419708