Windows Analysis Report
zZ8OdFfZnb.exe

Overview

General Information

Sample name:zZ8OdFfZnb.exe
renamed because original name is a hash value
Original sample name:009cd6b28c31516976cb86fb7e15fc325650549bc9d7724aa33b42aaa6e87f94.exe
Analysis ID:1573677
MD5:c609aa9c95f4bc7f308ac50c01452926
SHA1:db78a1b577cdbef87ab2bc9f8232778b7715e589
SHA256:009cd6b28c31516976cb86fb7e15fc325650549bc9d7724aa33b42aaa6e87f94
Tags:bootstrap8444-bitmessage-org, exe, user-JAMESWT_MHT
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Found pyInstaller with non standard icon
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Communication To Uncommon Destination Ports
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w10x64
  • zZ8OdFfZnb.exe (PID: 1472 cmdline: "C:\Users\user\Desktop\zZ8OdFfZnb.exe" MD5: C609AA9C95F4BC7F308AC50C01452926)
    • zZ8OdFfZnb.exe (PID: 5916 cmdline: "C:\Users\user\Desktop\zZ8OdFfZnb.exe" MD5: C609AA9C95F4BC7F308AC50C01452926)
  • cleanup
No configs have been found
No yara matches
Source: Network Connection, Author: Florian Roth (Nextron Systems), Data: DestinationIp: 185.19.31.46, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\zZ8OdFfZnb.exe, Initiated: true, ProcessId: 5916, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49722
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-12T13:47:54.307701+0100 | 2022075 | 1 | Potential Corporate Privacy Violation | 192.168.2.6 | 49723 | 158.69.63.42 | 8080 | TCP |
| 2024-12-12T13:47:54.307701+0100 | 2022075 | 1 | Potential Corporate Privacy Violation | 192.168.2.6 | 49789 | 66.65.120.151 | 8080 | TCP |
| 2024-12-12T13:47:54.307701+0100 | 2022075 | 1 | Potential Corporate Privacy Violation | 192.168.2.6 | 49722 | 185.19.31.46 | 8080 | TCP |
| 2024-12-12T13:48:05.938612+0100 | 2022075 | 1 | Potential Corporate Privacy Violation | 192.168.2.6 | 49722 | 185.19.31.46 | 8080 | TCP |
| 2024-12-12T13:48:06.161557+0100 | 2022075 | 1 | Potential Corporate Privacy Violation | 192.168.2.6 | 49723 | 158.69.63.42 | 8080 | TCP |
| 2024-12-12T13:48:30.707612+0100 | 2022075 | 1 | Potential Corporate Privacy Violation | 192.168.2.6 | 49789 | 66.65.120.151 | 8080 | TCP |

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.8% probability
Source: zZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003301000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: The contents of the file before the "-----BEGIN RSA PUBLIC KEY-----" andmemstr_3f0a2369-b
Source: zZ8OdFfZnb.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dllJump to behavior
Source: zZ8OdFfZnb.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_sqlite3.pdb5_ source: zZ8OdFfZnb.exe, 00000000.00000003.2215039072.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_sqlite3.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2215039072.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: msvcp90.i386.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2203609569.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcr90.i386.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2203264355.000000000266E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\pyexpat.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2209065790.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2209243701.000000000256C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_multiprocessing.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2209926742.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\CFILES\Projects\WinSSL\openssl-1.0.1e\out32dll\libeay32.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2227919903.0000000002665000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065052008.0000000004421000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: msvcm90.i386.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2204430140.0000000002570000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2203711046.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_ssl.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2207031396.000000000266B000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_ctypes.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2208925209.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_socket.pdb% source: zZ8OdFfZnb.exe, 00000000.00000003.2216058677.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\pyexpat.pdb%> source: zZ8OdFfZnb.exe, 00000000.00000003.2209065790.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2209243701.000000000256C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\unicodedata.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2206017721.0000000002666000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_socket.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2216058677.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_multiprocessing.pdbU7 source: zZ8OdFfZnb.exe, 00000000.00000003.2209926742.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_hashlib.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2206319988.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2206529512.0000000002581000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065427154.0000000010029000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\sqlite3.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2227397563.0000000002593000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2227155168.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\python27.pdb! source: zZ8OdFfZnb.exe, 00000000.00000003.2205360530.0000000002782000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065649736.000000001E0FE000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\python27.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2205360530.0000000002782000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065649736.000000001E0FE000.00000002.00000001.01000000.00000004.sdmp
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D8745B __getdrive,FindFirstFileExA,__wfullpath_helper,_strlen,GetDriveTypeA,_free,___loctotime64_t,_free,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,0_2_00D8745B
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D88FC6 FindFirstFileExA,GetLastError,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,_strcpy_s,__invoke_watson,0_2_00D88FC6
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 185.19.31.46:8080
Source: global trafficTCP traffic: 192.168.2.6:49723 -> 158.69.63.42:8080
Source: global trafficTCP traffic: 192.168.2.6:49724 -> 185.158.248.216:8444
Source: global trafficTCP traffic: 192.168.2.6:49725 -> 84.48.88.42:8444
Source: global trafficTCP traffic: 192.168.2.6:49736 -> 60.242.109.18:8444
Source: global trafficTCP traffic: 192.168.2.6:49742 -> 85.25.152.9:8444
Source: global trafficTCP traffic: 192.168.2.6:49743 -> 194.164.163.84:8444
Source: global trafficTCP traffic: 192.168.2.6:49744 -> 74.132.73.137:8444
Source: global trafficTCP traffic: 192.168.2.6:49789 -> 66.65.120.151:8080
Source: global trafficTCP traffic: 192.168.2.6:49795 -> 85.114.135.102:8444
Source: global trafficTCP traffic: 192.168.2.6:49806 -> 76.180.233.38:8444
Source: Network trafficSuricata IDS: 2022075 - Severity 1 - ET MALWARE Possible Chimera Ransomware - Bitmessage Activity : 192.168.2.6:49723 -> 158.69.63.42:8080
Source: Network trafficSuricata IDS: 2022075 - Severity 1 - ET MALWARE Possible Chimera Ransomware - Bitmessage Activity : 192.168.2.6:49722 -> 185.19.31.46:8080
Source: Network trafficSuricata IDS: 2022075 - Severity 1 - ET MALWARE Possible Chimera Ransomware - Bitmessage Activity : 192.168.2.6:49789 -> 66.65.120.151:8080
Source: unknownTCP traffic detected without corresponding DNS query: 84.48.88.42
Source: unknownTCP traffic detected without corresponding DNS query: 60.242.109.18
Source: unknownTCP traffic detected without corresponding DNS query: 74.132.73.137
Source: unknownTCP traffic detected without corresponding DNS query: 66.65.120.151
Source: unknownTCP traffic detected without corresponding DNS query: 76.180.233.38
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_01183513 PyEval_SaveThread,recv,PyEval_RestoreThread,PyErr_SetString,2_2_01183513
Source: global trafficDNS traffic detected: DNS query: bootstrap8080.bitmessage.org
Source: global trafficDNS traffic detected: DNS query: bootstrap8444.bitmessage.org
Source: zZ8OdFfZnb.exe, 00000002.00000002.4063456879.0000000002FC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Bitmessage.org/wiki/PyBitmessage_Help
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066785584.000000006C700000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://qt.digia.com/
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066785584.000000006C700000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://qt.digia.com/product/licensing
Source: zZ8OdFfZnb.exe, 00000002.00000003.2230344840.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000003.2231349902.00000000035C8000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003577000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/draft-ietf-smime-sender-auth-00
Source: zZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
Source: zZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-start-end-entityUnknown
Source: zZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: zZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharDatahttp://xml.org/sax/features/namespa
Source: zZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.python.org/moin/BitManipulation
Source: zZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003577000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes
Source: zZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: zZ8OdFfZnb.exe, 00000002.00000003.2230344840.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php.
Source: zZ8OdFfZnb.exe, 00000000.00000003.2227919903.0000000002665000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065101571.000000000447A000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.openssl.org/V
Source: zZ8OdFfZnb.exe, zZ8OdFfZnb.exe, 00000002.00000002.4065427154.0000000010029000.00000002.00000001.01000000.0000000A.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065052008.0000000004421000.00000002.00000001.01000000.00000010.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
Source: zZ8OdFfZnb.exe, 00000000.00000003.2206319988.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2206529512.0000000002581000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065427154.0000000010029000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html....................
Source: zZ8OdFfZnb.exe, 00000000.00000003.2227919903.0000000002665000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065052008.0000000004421000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
Source: zZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003577000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: zZ8OdFfZnb.exe, 00000002.00000002.4065649736.000000001E0FE000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.python.org/peps/pep-0263.html
Source: zZ8OdFfZnb.exe, 00000002.00000003.2230344840.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063218683.0000000002C91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.riverbankcomputing.com/software/pyqt/download
Source: zZ8OdFfZnb.exe, 00000000.00000003.2206017721.00000000026D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/reports/tr44/tr44-4.html).
Source: zZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: zZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: zZ8OdFfZnb.exe, 00000002.00000003.2230344840.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitmessage.org/wiki/Protocol_specification#Pubkey_bitfield_features
Source: zZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://en.bitcoin.it/wiki/Wallet_import_format
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 03F672D0 appears 181 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 03F6B5C0 appears 37 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 02D946B1 appears 33 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 02D94613 appears 104 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 02DA2853 appears 38 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 00D81860 appears 62 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 03F68490 appears 127 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 03F808B0 appears 37 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 03FCA370 appears 409 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 03F64470 appears 31 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 02D93DD3 appears 41 times
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: String function: 00D89E60 appears 42 times
Source: zZ8OdFfZnb.exe, 00000000.00000003.2212998531.0000000002566000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqmng4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2204430140.0000000002570000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMSVCM90.DLL^ vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2211889671.0000000002561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqsvgicon4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2217608866.0000000002912000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQtCore4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2205360530.0000000002965000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython27.dll. vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2203609569.0000000000CF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMSVCP90.DLL^ vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2208563967.0000000002583000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqjpcodecs4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2208384370.0000000002561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqjpcodecs4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQtXml4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2203264355.0000000002707000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMSVCR90.DLL^ vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQtXml4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2212240381.0000000002561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqjpeg4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2208358794.000000000259C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqcncodecs4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2225327751.00000000029DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQtGui4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2203711046.0000000002561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMSVCM90.DLL^ vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2227919903.0000000002665000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibeay32.dllH vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2214231927.0000000002576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtiff4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2211986000.0000000002567000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqsvgicon4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2213523389.0000000002561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtiff4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2208869380.000000000257B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameqtwcodecs4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2225831617.0000000002561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQtSvg4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000000.00000003.2227031643.0000000002666000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQtOpenGL4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4071211429.000000006EA12000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenameqjpeg4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4070354398.000000006D1F7000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenameQtCore4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066077272.000000001E22C000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython27.dll. vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4065101571.000000000447A000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenamelibeay32.dllH vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066948741.000000006C907000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenameQtGui4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4071651237.0000000073F28000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenameqgif4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066235753.000000006C11A000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: OriginalFilenameqjpcodecs4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4070793341.000000006E4F5000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: OriginalFilenameqcncodecs4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4071048114.000000006E9D7000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilenameqtga4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066400258.000000006C1A7000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenameqmng4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4071522244.0000000072EC9000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenameqico4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066159686.000000006C0E8000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilenameqtwcodecs4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4070941176.000000006E9C5000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenameqkrcodecs4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066321368.000000006C165000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenameqtiff4.dll( vs zZ8OdFfZnb.exe
Source: zZ8OdFfZnb.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal48.evad.winEXE@3/44@2/11
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02D95BF9 GetLastError,FormatMessageW,FormatMessageA,sqlite3_win32_mbcs_to_utf8,LocalFree,sqlite3_snprintf,sqlite3_snprintf,2_2_02D95BF9
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02D95FE7 GetDiskFreeSpaceW,GetDiskFreeSpaceA,2_2_02D95FE7
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Roaming\PyBitmessage\Jump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722Jump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCommand line argument: _MEIPASS2=0_2_00D814F0
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCommand line argument: PASS2=0_2_00D814F0
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCommand line argument: _MEIPASS20_2_00D814F0
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCommand line argument: Rx#0_2_00D814F0
Source: zZ8OdFfZnb.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: zZ8OdFfZnb.exeBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: zZ8OdFfZnb.exeBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: zZ8OdFfZnb.exe, 00000000.00000003.2227397563.0000000002593000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2227155168.0000000002561000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: zZ8OdFfZnb.exeBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: zZ8OdFfZnb.exe, 00000002.00000002.4065157021.0000000004516000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_knownnodes_1','knownnodes',#4,NULL);
Source: zZ8OdFfZnb.exe, 00000002.00000002.4065157021.0000000004516000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_pubkeys_1','pubkeys',#4,NULL);St
Source: zZ8OdFfZnb.exe, 00000002.00000002.4065157021.0000000004516000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_pubkeys_1','pubkeys',#4,NULL);
Source: zZ8OdFfZnb.exeBinary or memory string: UPDATE sqlite_master SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: zZ8OdFfZnb.exeBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: zZ8OdFfZnb.exeBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: zZ8OdFfZnb.exeString found in binary or memory: can't send non-None value to a just-started generator
Source: zZ8OdFfZnb.exeString found in binary or memory: --help
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile read: C:\Users\user\Desktop\zZ8OdFfZnb.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\zZ8OdFfZnb.exe "C:\Users\user\Desktop\zZ8OdFfZnb.exe"
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeProcess created: C:\Users\user\Desktop\zZ8OdFfZnb.exe "C:\Users\user\Desktop\zZ8OdFfZnb.exe"
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeProcess created: C:\Users\user\Desktop\zZ8OdFfZnb.exe "C:\Users\user\Desktop\zZ8OdFfZnb.exe"Jump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: qtcore4.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: qtgui4.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: sqlite3.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: libeay32.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: wintab32.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: qtsvg4.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: qtxml4.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: zZ8OdFfZnb.exeStatic file information: File size 12334118 > 1048576
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dllJump to behavior
Source: zZ8OdFfZnb.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_sqlite3.pdb5_ source: zZ8OdFfZnb.exe, 00000000.00000003.2215039072.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_sqlite3.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2215039072.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: msvcp90.i386.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2203609569.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcr90.i386.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2203264355.000000000266E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\pyexpat.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2209065790.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2209243701.000000000256C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_multiprocessing.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2209926742.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\CFILES\Projects\WinSSL\openssl-1.0.1e\out32dll\libeay32.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2227919903.0000000002665000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065052008.0000000004421000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: msvcm90.i386.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2204430140.0000000002570000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2203711046.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_ssl.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2207031396.000000000266B000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_ctypes.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2208925209.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_socket.pdb% source: zZ8OdFfZnb.exe, 00000000.00000003.2216058677.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\pyexpat.pdb%> source: zZ8OdFfZnb.exe, 00000000.00000003.2209065790.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2209243701.000000000256C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\unicodedata.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2206017721.0000000002666000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_socket.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2216058677.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_multiprocessing.pdbU7 source: zZ8OdFfZnb.exe, 00000000.00000003.2209926742.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\_hashlib.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2206319988.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2206529512.0000000002581000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065427154.0000000010029000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\sqlite3.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2227397563.0000000002593000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2227155168.0000000002561000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\python27.pdb! source: zZ8OdFfZnb.exe, 00000000.00000003.2205360530.0000000002782000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065649736.000000001E0FE000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\Users\martin\27\python\PCbuild\Win32-pgo\python27.pdb source: zZ8OdFfZnb.exe, 00000000.00000003.2205360530.0000000002782000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065649736.000000001E0FE000.00000002.00000001.01000000.00000004.sdmp
Source: zZ8OdFfZnb.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: zZ8OdFfZnb.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: zZ8OdFfZnb.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: zZ8OdFfZnb.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: zZ8OdFfZnb.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D904DA LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00D904DA
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D89EA5 push ecx; ret 0_2_00D89EB8
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_01181E11 push ecx; ret 2_2_01181E24
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_01195F21 push ecx; ret 2_2_01195F34
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DCB579 push ecx; ret 2_2_02DCB58C
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_03FCAA71 push ecx; ret 2_2_03FCAA84
Source: msvcr90.dll.0.drStatic PE information: section name: .text entropy: 6.92063892456726
Source: python27.dll.0.drStatic PE information: section name: .text entropy: 6.807628243800065

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeProcess created: "C:\Users\user\Desktop\zZ8OdFfZnb.exe"
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\QtSvg4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\iconusers\qsvgicon4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\msvcr90.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qtga4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\graphicssystems\qglgraphicssystem4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\msvcp90.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\PyQt4.QtGui.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\select.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qmng4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\QtGui4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qkrcodecs4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qtwcodecs4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\libeay32.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\QtCore4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\sip.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\PyQt4.QtCore.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\QtXml4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\python27.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qsvg4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qjpeg4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\QtOpenGL4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qtiff4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qgif4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qcncodecs4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\msvcm90.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qjpcodecs4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qico4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D81DA0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00D81DA0
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_03F78C84 rdtsc 2_2_03F78C84
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeThread delayed: delay time: 300000Jump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\iconusers\qsvgicon4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\msvcr90.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\graphicssystems\qglgraphicssystem4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qtga4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\msvcp90.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\PyQt4.QtGui.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\select.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qmng4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qkrcodecs4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qtwcodecs4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\sip.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\PyQt4.QtCore.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qsvg4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\python27.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qjpeg4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\QtOpenGL4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qtiff4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qgif4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qcncodecs4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qjpcodecs4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qico4.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI14722\msvcm90.dllJump to dropped file
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_0-10798
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-10770
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeAPI coverage: 4.1 %
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe TID: 5348Thread sleep time: -75000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe TID: 6800Thread sleep time: -300000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02D96101 GetSystemTime followed by cmp: cmp eax, 04h and CTI: jc 02D96145h2_2_02D96101
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D8745B __getdrive,FindFirstFileExA,__wfullpath_helper,_strlen,GetDriveTypeA,_free,___loctotime64_t,_free,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,0_2_00D8745B
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D88FC6 FindFirstFileExA,GetLastError,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,_strcpy_s,__invoke_watson,0_2_00D88FC6
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066932133.000000006C8FA000.00000004.00000001.01000000.00000009.sdmpBinary or memory string: -{l.?AVQEmulationPaintuser@@
Source: zZ8OdFfZnb.exe, 00000000.00000003.2225327751.00000000029DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -`e.?AVQEmulationPaintuser@@
Source: zZ8OdFfZnb.exe, 00000002.00000002.4063081242.00000000012F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli
Source: zZ8OdFfZnb.exe, 00000000.00000003.2225327751.00000000029DB000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4066932133.000000006C8FA000.00000004.00000001.01000000.00000009.sdmpBinary or memory string: .?AVQEmulationPaintuser@@
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe API call chain: ExitProcess graph end node graph_0-10772
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe API call chain: ExitProcess graph end node graph_2-89225
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_03F78C84 rdtsc 2_2_03F78C84
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D861BD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00D861BD
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D904DA LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00D904DA
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D90DE6 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_00D90DE6
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D861BD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00D861BD
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D8EAE3 SetUnhandledExceptionFilter,0_2_00D8EAE3
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D89B1B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D89B1B
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_01181F0E IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_01181F0E
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_0119601E IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_0119601E
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DCE1E4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_02DCE1E4
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DCFF03 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_02DCFF03
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DCBC59 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_02DCBC59
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_03FCA3A2 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_03FCA3A2
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Process created: C:\Users\user\Desktop\zZ8OdFfZnb.exe "C:\Users\user\Desktop\zZ8OdFfZnb.exe"
Source: zZ8OdFfZnb.exe, 00000002.00000002.4066785584.000000006C700000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: bl`+KlChangeWindowMessageFilterChangeWindowMessageFilterExTaskbarCreatedToolbarWindow32SysPagerTrayNotifyWndShell_TrayWndShell_NotifyIconGetRect
Source: zZ8OdFfZnb.exe, 00000000.00000003.2225327751.00000000029DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Ge`+0eChangeWindowMessageFilterChangeWindowMessageFilterExTaskbarCreatedToolbarWindow32SysPagerTrayNotifyWndShell_TrayWndShell_NotifyIconGetRect
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_03F78BD0 cpuid 2_2_03F78BD0
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: GetLocaleInfoA,2_2_02DD136D
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\Desktop\zZ8OdFfZnb.exe VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI14722\PyQt4.QtCore.pyd VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI14722\sip.pyd VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI14722\PyQt4.QtGui.pyd VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI14722\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI14722\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI14722\_sqlite3.pyd VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI14722\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Roaming\PyBitmessage\keys.dat VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Roaming\PyBitmessage\keys.dat VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Roaming\PyBitmessage\knownnodes.dat VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Queries volume information: C:\Users\user\AppData\Roaming\PyBitmessage\knownnodes.dat VolumeInformation
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D8EF18 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00D8EF18
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D90F9C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_00D90F9C
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 0_2_00D81000 _memset,GetVersionExA,_strrchr,_strrchr,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00D81000
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_01182823 PyInt_AsLong,PyErr_Occurred,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,2_2_01182823
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_0118555F PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,2_2_0118555F
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_01194F31 sqlite3_bind_null,PyFloat_Type,PyFloat_Type,PyType_IsSubtype,PyErr_SetString,PyObject_AsCharBuffer,sqlite3_bind_blob,PyExc_ValueError,PyExc_ValueError,PyUnicodeUCS2_AsUTF8String,PyString_AsStringAndSize,sqlite3_bind_text,PyString_AsStringAndSize,sqlite3_bind_text,PyFloat_AsDouble,sqlite3_bind_double,PyLong_AsLongLong,PyInt_AsLong,sqlite3_bind_int64,2_2_01194F31
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_0119518A PyTuple_SetItem,PyEval_SaveThread,sqlite3_bind_parameter_count,PyEval_RestoreThread,PySequence_Check,PyEval_SaveThread,sqlite3_bind_parameter_name,PyEval_RestoreThread,PyDict_GetItemString,PyMapping_GetItemString,PyErr_Clear,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_SetString,PySequence_Size,PyErr_Format,PySequence_GetItem,PyErr_Clear,PyErr_Occurred,PyErr_Format,2_2_0119518A
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_0119545B PyTuple_SetItem,PyString_AsString,PyEval_SaveThread,sqlite3_prepare,PyEval_RestoreThread,sqlite3_bind_parameter_count,sqlite3_transfer_bindings,sqlite3_finalize,2_2_0119545B
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA42F2 sqlite3_bind_parameter_index,2_2_02DA42F2
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA4262 sqlite3_bind_parameter_name,2_2_02DA4262
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA4208 sqlite3_bind_parameter_count,2_2_02DA4208
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA9392 sqlite3_blob_open,sqlite3_mutex_enter,_memset,sqlite3_bind_int64,sqlite3_step,sqlite3_finalize,sqlite3_errmsg,sqlite3_mutex_leave,2_2_02DA9392
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA435B sqlite3_transfer_bindings,2_2_02DA435B
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA40E1 sqlite3_bind_text,2_2_02DA40E1
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA40B9 sqlite3_bind_null,sqlite3_mutex_leave,2_2_02DA40B9
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA404D sqlite3_bind_int,sqlite3_bind_int64,2_2_02DA404D
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA406B sqlite3_bind_int64,sqlite3_mutex_leave,2_2_02DA406B
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA41C7 sqlite3_bind_zeroblob,sqlite3_mutex_leave,2_2_02DA41C7
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA4101 sqlite3_bind_text16,2_2_02DA4101
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA4121 sqlite3_bind_value,sqlite3_bind_null,sqlite3_bind_zeroblob,sqlite3_bind_blob,sqlite3_bind_double,sqlite3_bind_int64,2_2_02DA4121
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA3506 sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,2_2_02DA3506
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA3FDD sqlite3_bind_blob,2_2_02DA3FDD
Source: C:\Users\user\Desktop\zZ8OdFfZnb.exeCode function: 2_2_02DA3FFD sqlite3_bind_double,sqlite3_mutex_leave,2_2_02DA3FFD
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Command and Scripting Interpreter
1
DLL Side-Loading
12
Process Injection
1
Masquerading
OS Credential Dumping12
System Time Discovery
Remote Services11
Archive Collected Data
1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Native API
Boot or Logon Initialization Scripts1
DLL Side-Loading
21
Virtualization/Sandbox Evasion
LSASS Memory31
Security Software Discovery
Remote Desktop ProtocolData from Removable Media1
Non-Standard Port
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)12
Process Injection
Security Account Manager1
Process Discovery
SMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Deobfuscate/Decode Files or Information
NTDS21
Virtualization/Sandbox Evasion
Distributed Component Object ModelInput Capture1
Non-Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
Obfuscated Files or Information
LSA Secrets1
File and Directory Discovery
SSHKeylogging1
Application Layer Protocol
Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Software Packing
Cached Domain Credentials35
System Information Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading
DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
SourceDetectionScannerLabelLink
zZ8OdFfZnb.exe11%ReversingLabs
SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\_MEI14722\PyQt4.QtCore.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\PyQt4.QtGui.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\QtCore4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\QtGui4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\QtOpenGL4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\QtSvg4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\QtXml4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\_ctypes.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\_hashlib.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\_multiprocessing.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\_socket.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\_sqlite3.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\_ssl.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\bz2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\libeay32.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\msvcm90.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\msvcp90.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\msvcr90.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\pyexpat.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\python27.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qcncodecs4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qjpcodecs4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qkrcodecs4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\codecs\qtwcodecs4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\graphicssystems\qglgraphicssystem4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\iconusers\qsvgicon4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qgif4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qico4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qjpeg4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qmng4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qsvg4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qtga4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\qt4_plugins\imageformats\qtiff4.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\select.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\sip.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\sqlite3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI14722\unicodedata.pyd0%ReversingLabs
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
https://bitmessage.org/wiki/Protocol_specification#Pubkey_bitfield_features0%Avira URL Cloudsafe
http://trolltech.com/xml/features/report-start-end-entity0%Avira URL Cloudsafe
http://trolltech.com/xml/features/report-whitespace-only-CharDatahttp://xml.org/sax/features/namespa0%Avira URL Cloudsafe
http://www.riverbankcomputing.com/software/pyqt/download0%Avira URL Cloudsafe
http://qt.digia.com/0%Avira URL Cloudsafe
http://Bitmessage.org/wiki/PyBitmessage_Help0%Avira URL Cloudsafe
http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes0%Avira URL Cloudsafe
http://qt.digia.com/product/licensing0%Avira URL Cloudsafe
http://xml.org/sax/features/namespace-prefixes0%Avira URL Cloudsafe
http://www.opensource.org/licenses/mit-license.php.0%Avira URL Cloudsafe
https://en.bitcoin.it/wiki/Wallet_import_format0%Avira URL Cloudsafe
http://trolltech.com/xml/features/report-whitespace-only-CharData0%Avira URL Cloudsafe
http://trolltech.com/xml/features/report-start-end-entityUnknown0%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bootstrap8444.bitmessage.org | 85.25.152.9 | true | false |  | high
bootstrap8080.bitmessage.org | 185.19.31.46 | true | false |  | unknown
      NameSourceMaliciousAntivirus DetectionReputation
      http://trolltech.com/xml/features/report-whitespace-only-CharDatahttp://xml.org/sax/features/namespazZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://www.riverbankcomputing.com/software/pyqt/downloadzZ8OdFfZnb.exe, 00000002.00000003.2230344840.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063218683.0000000002C91000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNGzZ8OdFfZnb.exe, 00000000.00000003.2227919903.0000000002665000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065052008.0000000004421000.00000002.00000001.01000000.00000010.sdmpfalse
        high
        http://Bitmessage.org/wiki/PyBitmessage_HelpzZ8OdFfZnb.exe, 00000002.00000002.4063456879.0000000002FC0000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        http://www.opensource.org/licenses/mit-license.phpzZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003301000.00000004.00000020.00020000.00000000.sdmpfalse
          high
          http://qt.digia.com/zZ8OdFfZnb.exe, 00000002.00000002.4066785584.000000006C700000.00000002.00000001.01000000.00000009.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemeszZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003577000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://bitmessage.org/wiki/Protocol_specification#Pubkey_bitfield_featureszZ8OdFfZnb.exe, 00000002.00000003.2230344840.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.openssl.org/VzZ8OdFfZnb.exe, 00000000.00000003.2227919903.0000000002665000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065101571.000000000447A000.00000002.00000001.01000000.00000010.sdmpfalse
            high
            http://www.openssl.org/support/faq.html....................zZ8OdFfZnb.exe, 00000000.00000003.2206319988.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2206529512.0000000002581000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065427154.0000000010029000.00000002.00000001.01000000.0000000A.sdmpfalse
              high
              http://www.unicode.org/reports/tr44/tr44-4.html).zZ8OdFfZnb.exe, 00000000.00000003.2206017721.00000000026D3000.00000004.00000020.00020000.00000000.sdmpfalse
                high
                http://www.opensource.org/licenses/mit-license.php.zZ8OdFfZnb.exe, 00000002.00000003.2230344840.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://tools.ietf.org/html/draft-ietf-smime-sender-auth-00zZ8OdFfZnb.exe, 00000002.00000003.2230344840.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000003.2231349902.00000000035C8000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003577000.00000004.00000020.00020000.00000000.sdmpfalse
                  high
                  http://xml.org/sax/features/namespaceszZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpfalse
                    high
                    http://trolltech.com/xml/features/report-start-end-entityzZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    http://www.python.org/peps/pep-0263.htmlzZ8OdFfZnb.exe, 00000002.00000002.4065649736.000000001E0FE000.00000002.00000001.01000000.00000004.sdmpfalse
                      high
                      http://xml.org/sax/features/namespace-prefixeszZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://www.python.org/dev/peps/pep-0205/zZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003577000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        http://qt.digia.com/product/licensingzZ8OdFfZnb.exe, 00000002.00000002.4066785584.000000006C700000.00000002.00000001.01000000.00000009.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://trolltech.com/xml/features/report-whitespace-only-CharDatazZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://trolltech.com/xml/features/report-start-end-entityUnknownzZ8OdFfZnb.exe, 00000000.00000003.2226147684.0000000002561000.00000004.00000020.00020000.00000000.sdmp, zZ8OdFfZnb.exe, 00000000.00000003.2226476668.000000000257F000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://en.bitcoin.it/wiki/Wallet_import_formatzZ8OdFfZnb.exe, 00000002.00000002.4063622791.00000000031CD000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://wiki.python.org/moin/BitManipulationzZ8OdFfZnb.exe, 00000002.00000002.4063651414.0000000003301000.00000004.00000020.00020000.00000000.sdmpfalse
                          high
                          http://www.openssl.org/support/faq.htmlzZ8OdFfZnb.exe, zZ8OdFfZnb.exe, 00000002.00000002.4065427154.0000000010029000.00000002.00000001.01000000.0000000A.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4065052008.0000000004421000.00000002.00000001.01000000.00000010.sdmp, zZ8OdFfZnb.exe, 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmpfalse
                            high
IP | Domain | Country | ASN | ASN Name | Malicious
84.48.88.42 | unknown | Norway | 15659 | NEXTGENTELNEXTGENTELAutonomousSystemNO | false
60.242.109.18 | unknown | Australia | 7545 | TPG-INTERNET-APTPGTelecomLimitedAU | false
185.158.248.216 | unknown | Netherlands | 9009 | M247GB | false
185.19.31.46 | bootstrap8080.bitmessage.org | Switzerland | 61098 | EXOSCALECH | false
158.69.63.42 | unknown | Canada | 16276 | OVHFR | false
85.114.135.102 | unknown | Germany | 24961 | MYLOC-ASIPBackboneofmyLocmanagedITAGDE | false
194.164.163.84 | unknown | United Kingdom | 8897 | KCOM-SPNService-ProviderNetworkex-MistralGB | false
85.25.152.9 | bootstrap8444.bitmessage.org | Germany | 8972 | GD-EMEA-DC-SXB1DE | false
76.180.233.38 | unknown | United States | 11351 | TWC-11351-NORTHEASTUS | false
66.65.120.151 | unknown | United States | 12271 | TWC-12271-NYCUS | false
74.132.73.137 | unknown | United States | 10796 | TWC-10796-MIDWESTUS | false
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1573677
                            Start date and time:2024-12-12 13:47:01 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 9m 52s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Run name:Run with higher sleep bypass
                            Number of analysed new started processes analysed:6
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:zZ8OdFfZnb.exe
                            renamed because original name is a hash value
                            Original Sample Name:009cd6b28c31516976cb86fb7e15fc325650549bc9d7724aa33b42aaa6e87f94.exe
                            Detection:MAL
                            Classification:mal48.evad.winEXE@3/44@2/11
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 99%
                            • Number of executed functions: 63
                            • Number of non-executed functions: 316
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                            • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • VT rate limit hit for: zZ8OdFfZnb.exe
                            No simulations
                                  loligang.x86.elfGet hashmaliciousMiraiBrowse
                                  • 80.202.189.202
                                  EXOSCALECHhttps://fixedzip.oss-ap-southeast-5.aliyuncs.com/replace.txtGet hashmaliciousUnknownBrowse
                                  • 194.182.165.210
                                  https://sos-at-vie-1.exo.io/bucketrack/dir62/final/asgrd/bot-check-v1.htmlGet hashmaliciousUnknownBrowse
                                  • 194.182.175.81
                                  https://sos-at-vie-1.exo.io/bucketrack/dir62/final/prove-not-robot-check.htmlGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                  • 194.182.175.81
                                  http://mew.bluetgroup.com/Get hashmaliciousUnknownBrowse
                                  • 194.182.189.242
                                  https://viseca-mfa.ch/select-mfa/?rid=7sKefxVGet hashmaliciousUnknownBrowse
                                  • 159.100.245.60
                                  qbXaqu1O6O.elfGet hashmaliciousMiraiBrowse
                                  • 91.92.143.185
                                  https://vk.com/%61%77%61%79.php?profile=hjujhy&to=https%3A%2F%2Fwww.youtube.com%2Fredirect%3Fq%3Draybpms.com/nnn/pruddock@lansdownepartners.comGet hashmaliciousHTMLPhisherBrowse
                                  • 89.145.160.109
                                  xc2CjfYtEq.elfGet hashmaliciousMiraiBrowse
                                  • 159.100.250.220
                                  skid.mpsl-20220823-1147Get hashmaliciousMoobotBrowse
                                  • 91.92.143.186
                                  http://cedesallink-live-d99f45768be64116a4d8c9405fe4cb15-9be8332.sos-ch-dk-2.exo.ioGet hashmaliciousUnknownBrowse
                                  • 194.182.165.210
                                  No context
                                  No context
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1506), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1857
                                  Entropy (8bit):5.379091022433406
                                  Encrypted:false
                                  SSDEEP:48:3SlK+6g4R09kkKv/zRs009kkKazS4S0309kkKBzY:CltCRXkq/O0XkzOfKXk48
                                  MD5:4F9ED5EFA4F7B75BCFE0F36C36EE5CB6
                                  SHA1:29F568508A65F5177C6044544248893A876A666F
                                  SHA-256:FF718390133B400EE679177B2902BBB918DB148BBB4ABABA03D0A1DF325B3303
                                  SHA-512:A94AA869B8420D3965FAD7B05E1E894E8CA00465CD8C2BE2AC135F44D0689AFA7257BB468C69B7BB33BBB036D6B66FBC693C964BF17A85A209AEEE9F8DFFC3CD
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="msvcr90.dll" hashalg="SHA1" hash="e0dcdcbfcb452747da530fae6b000d47c8674671"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>KSaO8M0iCtPF6YEr79P1dZsnomY=</dsig:DigestValue></asmv2:hash></file> <file name="msvcp90.dll" hashalg="SHA1" hash="81efe890e4ef2615c0bb4dda7b94bea177c86ebd"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):1662464
                                  Entropy (8bit):6.5519420408913165
                                  Encrypted:false
                                  SSDEEP:12288:6x3MgU6F2LwAwwfvMRwDTjI6e+BmDkhdB/r+uO3Dc5KY5jMwdD70urRkTNJtqET9:a3MgU6FbOfvMR2I6oufIzvfKjAAJuF
                                  MD5:82794E26F932FEB465FB88EEF6BE98C4
                                  SHA1:76A5E226A449AD5A4C5782DAE707A7806CBC25E3
                                  SHA-256:FE930050B1053272D19A071AF40EA7196EE5D8113E923FFB401AC20FB187C22F
                                  SHA-512:86AD731ED67D1D95EF69771B6634B0EA8743F6E2596FD8AEC9E960B91EE3BC0203FD5A7A084DD4A991DE3DD1CF8D1D94819CC76ABCFED7E57384FC0FD75B418C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Reputation:low
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):5818368
                                  Entropy (8bit):6.55733465989454
                                  Encrypted:false
                                  SSDEEP:24576:XCXQDw6Buv+GdQYUZP5b8aNy6bZyeebJMl5THJEI757wIAhQ36:SXQLkFJMlFHJJ757nAh
                                  MD5:9CF0CFD4272EC93B059CA42491B2CE52
                                  SHA1:3C197C646EFCC1F2F4EB9FD2735997C43C262C34
                                  SHA-256:3622DD9ACDF6830E575E8908168CA7D7258934335268AED48AD63044A03BC69D
                                  SHA-512:CC22C495F40200513CA8EFE2CCC58005409293F5051AE2EEC200F27FEA57BB3DBE56E44A1B4C6A62CBBB5A7176D4E86B74EF4D52197D946BA0D30F35A102BE10
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Reputation:low
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):2512384
                                  Entropy (8bit):6.590427600415505
                                  Encrypted:false
                                  SSDEEP:49152:0sGvSavuuIvW2XfJvJsv6tWKFdu9CSTyLyvL/6mShMZtmjNUVrciV5P+7QVg07U2:0sqSlTfJsv6tWKFdu9CXv
                                  MD5:202DEED77421353E5B2AAC208B9729CE
                                  SHA1:161878987134D79E5F6B16A6CA04FE1AA6B4B713
                                  SHA-256:F169573A7FFA82C8DBFD8E1583382A9480E97C4C3A208663FD017341386B84BE
                                  SHA-512:BF0380DCFBE8376592B90E2A9C721E8FC02CF232F0181A7F67D27DB4641EEACC2C563722E70A7E013B37CDDD3614A373DC9B75252A7753499D861FF313851D6C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):8124416
                                  Entropy (8bit):6.731166535476985
                                  Encrypted:false
                                  SSDEEP:98304:cxqrs1ZcxwRTdJAC8m8PICiH+bUnh4Tk8BevFzG33qW:cxgoZMwRTdJQm8PJo4Tk8kW
                                  MD5:4F1F88C5B483423BD25A3024D1BC4FA1
                                  SHA1:692F333A0900AE8785DA858C085F50AEDFA8AEA0
                                  SHA-256:72C2F8071CEA3F5B354DDFA96A65F2600D45FBC1218D4F09E8AB1A0A9A66BBE3
                                  SHA-512:773395D749235380281BBD7DFEC583837539E31A0BCC28C5B2B6BAA76FCDDE11BCBDDF9B84B41E2C273210F3D5B355EF8D7F81D5797230B11A5BD08482D69A59
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):763392
                                  Entropy (8bit):6.670453979998592
                                  Encrypted:false
                                  SSDEEP:12288:DYTgvSHun4vSkBp8OZILAyCP9W34wk2bYoSnpR+aoBJDrkM:Dcg/n4vSkBpCEPP9W34wk2bYoGpqrDrk
                                  MD5:17741883949FB397CDBC20F04579CFF5
                                  SHA1:776975DF8BE47904ED44BB872506EDD6DD8F18FC
                                  SHA-256:FDF2860B40A2E2A5DF591E6D6DDD5F868EFC286328CF30DD921DC0AFAA6D9FD5
                                  SHA-512:15465C8AB4858E23E908330BAAE7E540A36DED61F45C801F0E3A5E2D88B73A1FBC85E69A1E3E4F91BAF0BCCA49100A64C553A32CEC55F1C4334D93686BE9708E
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):278016
                                  Entropy (8bit):6.519277511986511
                                  Encrypted:false
                                  SSDEEP:6144:IKmGtKCgk+GSLo1t91DO+KRbaAT78LSYntIE889sn0hCyOyiNcK1Dv4e:9mGtKCf+Geo1t91DVqbaAToLSwIR
                                  MD5:B85A8FAA22CF55275BE834C57C0382CA
                                  SHA1:742878E243D01B731007DB151C32EB6313AF78BB
                                  SHA-256:9D3BC8D28637F72762D913614673ECE84A9B63BFAC5816459E159489C97CBFE3
                                  SHA-512:217498906B1386FEF2C2BC2AA39AAD2504D62E5760943B1AD24804ACD3B5BE06B4501AA8F522E4B74106EE0F7EE2CACDF5BD0CAEA2B671A4514C700B63955D32
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):341504
                                  Entropy (8bit):6.431913003801158
                                  Encrypted:false
                                  SSDEEP:3072:n2nO1+ys2Ud81fy6SM02JNmEa812IJjJGqSUwrnrGBscYOeVls9tty2MVP6OmtD+:LJy5MTb/2IaqYr7s9ttQVP6OmtDalnj
                                  MD5:9688018E8DB73D60E6C900F63A714493
                                  SHA1:B6E287B57939AD36055D98F1A41B9C572A550FA7
                                  SHA-256:C8A759EA06F807E4EFA47075BC31927134F70AC2AA30D04B11C4CA412760D92B
                                  SHA-512:E2379A2CE7F5F17F0CAC8E8BD9DB2E5D7C6B08DED2C07450487601B41E62E5A442C94CC94F23BE5AE8CA96ACE4AE0E19511886DF42977B7BB25096C9CB990EDC
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):74240
                                  Entropy (8bit):6.431467878299579
                                  Encrypted:false
                                  SSDEEP:1536:NgPW5JWx0vd/+UQvvDDFItGJ4GNG3Ija1Dzp4b9SC9Qk9R/EclexuFzD0S:2OJWe+Hv/KtGaIjcDzpwVH/PlexulD0S
                                  MD5:F9982F8B1176597B81ED1285D1616CE7
                                  SHA1:7CF74CCE8B20ADEEFF83E29EACC028BDF2D7C18A
                                  SHA-256:D14315CF03AA7D96B714BFC13F7990EC245D205E4A5F9F002D2805E369199239
                                  SHA-512:CD3339DC69FF918D3E4DB2AE219FF7DF58F18A151F088FA051B4CDF48E4CFD6569A9CA9E414708818004DE7D0CB3CEA64FA2EE4C0A1F6B832D86229446E22153
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):285184
                                  Entropy (8bit):6.765554951499193
                                  Encrypted:false
                                  SSDEEP:6144:bjXHIIII3ROiZOStA4XRQlgnZTtlsFjC4nFCRlojjKkGC:bjX5OiZOSCueWde
                                  MD5:199BDE23EF347DBCCC6BF5A112B43C93
                                  SHA1:BA98EF27C64EB858AC7C3AE6FF1DECE53094E753
                                  SHA-256:6F8A2F7FE1A702521706FCBE82592AC24E8C897F5BF47F798122DBD0B109C2A6
                                  SHA-512:DD92D4AD8BDA852CFC4B1823D9371C10B5AF3AD4057AF3269D88ECB70BCD2600807252305AE647FF646F3080AC1E71E918A9AB623BA16FE7B73462238FACC9CC
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):23552
                                  Entropy (8bit):6.1536966012352075
                                  Encrypted:false
                                  SSDEEP:384:14L/0o7A46moavEtaq//nhK0GNoD2NDsDt7Yi4PZ5AUl6uy4b2w:Kz0q6Wk5KrZDIAlO
                                  MD5:557EF00FCA5A09FF4279FF79DA7123E5
                                  SHA1:05368053F98AE6210E20E41C76B07ADCFCB867CB
                                  SHA-256:6C8095DD83694FBE58E9CFD9548D5559C5853B690E8F3761B3194EDC374701D9
                                  SHA-512:0977AFFA225F720786F5B74D600C95BA75E93FE555972DBD2A2D1D9EC8063001009A81B7884CAAA9E4D37B1F1285F05758607D99D425F2A6B9518F2194FE9CBE
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):40960
                                  Entropy (8bit):6.425673722739654
                                  Encrypted:false
                                  SSDEEP:768:/BdWlzogZmaj1LvYHJjmHr2WI5Ge2BfLM5sNoC+Mufc+yv:Pmlj1LvYHJSq2BfI5C7Mf
                                  MD5:07789A8C23BCEBE32F8BFD4CE4AF5FFB
                                  SHA1:132D7AD9D2A7C3FF51B246FD14F0A4F738D68E10
                                  SHA-256:235CC97584C3D31E5F3146121F64699D30CF372A86868EA755A9A0AFA6C56144
                                  SHA-512:D461D8313C285E568CE44C08D1AF7C54AAFAE0D1E8235109D5D71F6BAFFE8F677AE3202590CF33AB34625AC87285C7DC4C1DF2E2181ACD4B998309D23E12FD3E
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):41984
                                  Entropy (8bit):6.328310875012595
                                  Encrypted:false
                                  SSDEEP:768:hopyWX51K3ezKO8zMvMTlQkh1pX4RpkJtSKJyff4zFQxk1FsJsm+FzV1NFT:hlWX5jGMoOO2KSiyfQxEepFFzV1N
                                  MD5:8AF159910FA00E5D5EC5E3B0823DBC76
                                  SHA1:6B59FE4CDA77C8F884629C1CBF6E08C55025509B
                                  SHA-256:866BCB56030EAE4BF792BAB5DCC1CCEA50853A6DBC62955D98A92CE4010ED631
                                  SHA-512:91E5DAF5B9B960A6D577EE6CC9FD31BCA8879B62E74B1A1C5E99E85A9A623983DC75E621C6AD983EAC4E2CE873400FA2AACD4378BCEB65C4FB55D8B778BB73C8
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):721920
                                  Entropy (8bit):6.760193298245936
                                  Encrypted:false
                                  SSDEEP:12288:V7ydlZPVlDZKtxWVOiZOSpuPLRhltFYU2bfk4r6ciB1LrpTpiT/vyDway:V7yd5h4xw7k4rkVrppiTnycay
                                  MD5:12FB0BCC8B79ECADD52BA8D97E08BFED
                                  SHA1:B52B26E16841D3B03F36792DF7ED1825AA95EE54
                                  SHA-256:360B506DF81FFC0B49AC15924314FA549084227B998B202572EED90B695DFD3A
                                  SHA-512:3A6E78965CF58BB94EFE1802F5FD39B2820935C277FB8773ECC3B4A0608FC444ACE952A619DEAD204476981C78C38992867172BC0584CAE01306EF226E5FCE21
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):739
                                  Entropy (8bit):5.104861622812712
                                  Encrypted:false
                                  SSDEEP:12:TMHdtnQEH5k7gV4SNXvNxW5v+MHCgVuNnhSN4tNg49vNxW50+bJtgVuJWSNGNgko:2dtn3Z+glN2v+zg4NnEN4fc0+bLg4fNn
                                  MD5:CDEF9322E8B83C081CE612BF681A57B4
                                  SHA1:6C87E1F72CBD5E0208D19FB37810428009EB1274
                                  SHA-256:C4C000CF1A1A85BD6BA69AA900F36CB99B52AF7EA19A8D06C10197EC2A6BEF37
                                  SHA-512:DA9D77008E0032104F0E72E6A5048C545122514E78AD23FA60029798081DD6A3EAFAA3A8C4CF396BE5CC4F5D94F4D52040DD6DA58E102DB6A7E4957867C5E539
                                  Malicious:false
                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">.. <assemblyIdentity name="bitmessagemain" processorArchitecture="x86" type="win32" version="1.0.0.0"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.VC90.CRT" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b" type="win32" version="9.0.21022.8"/>.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity language="*" name="Microsoft.Windows.Common-Controls" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" type="win32" version="6.0.0.0"/>.. </dependentAssembly>.. </dependency>..</assembly>
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):59904
                                  Entropy (8bit):6.717671860583746
                                  Encrypted:false
                                  SSDEEP:1536:WWD+TuVWbF++LKipVpiXFUUcQnTSp5JinMCsbmFsSr2aCrnHrdvr2vaGVMkU86+w:WWDuu4+bvaGGkHhfb
                                  MD5:2309952A1136740F3871869CC13AB620
                                  SHA1:7D9EB3EF678537C0026DC06E36F4D42B96B2627F
                                  SHA-256:2E54BDD269CEABA1368298407245787DE76F25210FED08E3338DE9F8A579DCF7
                                  SHA-512:ACE543CB92901F33048CA6EDAE7FDD66DCAB697A0F1E31A2C7AD1A4D1B3B42A71B0DEF03DD7400F1114E8406174D9867D7FCFD182C452AFBBE4894E5234533E6
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:C source, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):21529
                                  Entropy (8bit):5.366711940928845
                                  Encrypted:false
                                  SSDEEP:384:rGbGMpOukkcMSYuw8BsHhpuDaAQMiBaZGVsdgh3nIog:rGbGMpYvTSbaa+IaZ01Iog
                                  MD5:F80576AD6858A58A81C74CA80060FDE8
                                  SHA1:8D3DAD24D19F8A37A18E8B01C4FA4A7EB1A6CC6E
                                  SHA-256:4926BDF01301464C8D3F9FB89A8E14CE7D50CBA310B86F4BBE3C5146865363CB
                                  SHA-512:DD4F3860003EAE0F869D2F5D7658773630A41A7E661D04B94AC6B603366381BD61365BA77F1BC743C61ACE1595367383C7E045C367FC71B7DC70A708EE8CC937
                                  Malicious:false
                                  Preview:#ifndef Py_CONFIG_H..#define Py_CONFIG_H..../* pyconfig.h. NOT Generated automatically by configure.....This is a manually maintained version used for the Watcom,..Borland and Microsoft Visual C++ compilers. It is a..standard part of the Python distribution.....WINDOWS DEFINES:..The code specific to Windows should be wrapped around one of..the following #defines....MS_WIN64 - Code specific to the MS Win64 API..MS_WIN32 - Code specific to the MS Win32 (and Win64) API (obsolete, this covers all supported APIs)..MS_WINDOWS - Code specific to Windows, but all versions...MS_WINCE - Code specific to Windows CE..Py_ENABLE_SHARED - Code if the Python core is built as a DLL.....Also note that neither "_M_IX86" or "_MSC_VER" should be used for..any purpose other than "Windows Intel x86 specific" and "Microsoft..compiler specific". Therefore, these should be very rare.......NOTE: The following symbols are deprecated:..NT, USE_DL_EXPORT, USE_DL_IMPORT, DL_EXPORT, DL_IMPORT..MS_CORE_DLL.....WIN3
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):1178624
                                  Entropy (8bit):6.8095404236014865
                                  Encrypted:false
                                  SSDEEP:24576:PgOa+idPMVjzxbi2p/LajEe5aBpfXNCOK7bQ2mpoODMVIZmp:QUttnuIeQBdXNjKnQ2mpodVCmp
                                  MD5:320FD1D9FC94E40CEDCBA3F9CC7AEC43
                                  SHA1:38C830CBE05D4EF7A193BBF754A521C8F7A185C5
                                  SHA-256:B2F7887AE0BD418724EB32D3449197551A0895F2C764A933A7BD984F187EAB78
                                  SHA-512:870DF08BC60094EDAB701EDAFBAC0E2D341E500E3D8DC418FADCD138E4CB59225E054F9FB571D35D4217968A16060DAE06E7BB0407ACBD51181098A486299F35
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):224768
                                  Entropy (8bit):6.040336415310379
                                  Encrypted:false
                                  SSDEEP:6144:ge7iXDX5qmzXOZc/cU4HqsKvts6tifkglMqbO0YLJbc89XTiuq5Kz3OaOyp:ge7iXVDzXOGJb5XTiuq5Kz+
                                  MD5:4A8BC195ABDC93F0DB5DAB7F5093C52F
                                  SHA1:B55A206FC91ECC3ADEDA65D286522AA69F04AC88
                                  SHA-256:B371AF3CE6CB5D0B411919A188D5274DF74D5EE49F6DD7B1CCB5A31466121A18
                                  SHA-512:197C12825EFA2747AFD10FAFE3E198C1156ED20D75BAD07984CAA83447D0C7D498EF67CEE11004232CA5D4DBBB9AE9D43BFD073002D3D0D8385476876EF48A94
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):568832
                                  Entropy (8bit):6.529348877830445
                                  Encrypted:false
                                  SSDEEP:12288:iUmYoJC//83zMHZg7/yToyvYXO84hUgiW6QR7t5C3Ooc8SHkC2eRZRzS:iUmYoO83W0y8yeO8L3Ooc8SHkC2e8
                                  MD5:6DE5C66E434A9C1729575763D891C6C2
                                  SHA1:A230E64E0A5830544A25890F70CE9C9296245945
                                  SHA-256:4F7ED27B532888CE72B96E52952073EAB2354160D1156924489054B7FA9B0B1A
                                  SHA-512:27EC83EE49B752A31A9469E17104ED039D74919A103B625A9250AC2D4D8B8601034D8B3E2FA87AADBAFBDB89B01C1152943E8F9A470293CC7D62C2EEFA389D2C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):655872
                                  Entropy (8bit):6.890160476095281
                                  Encrypted:false
                                  SSDEEP:12288:whr4UCeaHTA80gIZ4BgmOEGVN9vtI0E5uO9FAOu8axTFmRyyrRzS:ga2g5gmO791I0E5uO9FANpmRyyg
                                  MD5:E7D91D008FE76423962B91C43C88E4EB
                                  SHA1:29268EF0CD220AD3C5E9812BEFD3F5759B27A266
                                  SHA-256:ED0170D3DE86DA33E02BFA1605EEC8FF6010583481B1C530843867C1939D2185
                                  SHA-512:C3D5DA1631860C92DECF4393D57D8BFF0C7A80758C9B9678D291B449BE536465BDA7A4C917E77B58A82D1D7BFC1F4B3BEE9216D531086659C40C41FEBCDCAE92
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):103424
                                  Entropy (8bit):6.628354668210378
                                  Encrypted:false
                                  SSDEEP:3072:mcED9hwwprYO1xDhorKmuzkPk6sXF+JZSvKcIlUfzONV:EpNpRgRg4UXECCwgV
                                  MD5:36733A799D1759E5FF6135FA19AEEF5B
                                  SHA1:3F452B9B15C095A730F40A01D5ACE3796D375B0A
                                  SHA-256:103F4329D53CF937C7023E8F2C21D008B9B7ABE88D78BC3B05BF048C63735D88
                                  SHA-512:B6ED570A662B042B30E0981FBA04BCD072EDF48936DFA79AD117DCAF23720E9009C41ECF1CFB8AEB2A181D1B2BF57807B3987863DCA2CA2862FBF95358ECCC69
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):2303488
                                  Entropy (8bit):6.67502065771941
                                  Encrypted:false
                                  SSDEEP:49152:X9euLUwe3VLmI6C1mGrPKZo1KPen8MZEHHo5IvTj+j2D9v:XcuLUwrpCciKZo138MeHIm+C5v
                                  MD5:7584228B7AA01D99944DF388BA62A197
                                  SHA1:9E3D84241053D0FF82D83104FE9F73B9F02A3B3E
                                  SHA-256:75E9A929D9F0F4EE2C5164C5829BEBC05EA9ACA0B664B41BB8E7FF53FBB1BB8E
                                  SHA-512:217BBD7CF8A27A18C15856E6506F0BBC51B9D22E55EC15339AA53E81E966D65C8AF445C55D79F1FF0CF1757E0C3A3DA5DE9818F00BE8BF14F708FF1C5DB88165
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):141824
                                  Entropy (8bit):7.773833148990652
                                  Encrypted:false
                                  SSDEEP:3072:+ul14bg0wKw3LCms9PQcLwI2T2VtTzJUOuFBKZOyG3u:+utGpp24ABiOyG
                                  MD5:0D74E49584FDDAA81B252009B98D2087
                                  SHA1:E824DAA7D3206A6B8933F1DAFB2D62B71C368A7E
                                  SHA-256:95444E87081DC7CEDCE7999350785F5F874EF7D3E8BB800C857D6C6FFDCE1EB0
                                  SHA-512:6BBDB515A3D32EB8FBE69C3BCF302DD6AE457C27AE41EF8DE8A03352CA47C53C7CD62670EC1F96D3E15F476907788B7661D65106A60C502CB3F3EEDB5BE5DEB2
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):168448
                                  Entropy (8bit):4.551549229148322
                                  Encrypted:false
                                  SSDEEP:3072:d7kgnnckZ/FP/Di7jo6uxCwkbCpV+J9ks+Xe55OKNL:d7pn3/uf6aCpVkk85OKN
                                  MD5:86849548539AB868A4723F5BB5559957
                                  SHA1:4355373B66B66B77655B501F07B20E96BF7F19F7
                                  SHA-256:833121B61F3AAAD79A23C1484A89E2A8F1F98102687C1D057F2D8AE88978982B
                                  SHA-512:B59D7EFFA19C19363B43A675CA386C9F1726A88F3A5B2A0F22CB1B4DE298F92956DCEC6BAB8678244D77DEB7AAC47EC584F433B1C4F3D733D4A4F482353A7DF2
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):78336
                                  Entropy (8bit):7.579842912952122
                                  Encrypted:false
                                  SSDEEP:1536:+W9G/SVXQ/58oPBFpFZxsj2EpBWyt8onEEkYyhPbwkT3STY2OKSD:+WcSVXQB8oPj/wL0m8ondTwSTZOKSD
                                  MD5:13D069B6BC5893DED367BDF61748E8A2
                                  SHA1:5A35CE02DE8E5247876B7C0C0D07FFE77F9CE2E6
                                  SHA-256:5834FEF4A0B26FA3B429B8DEF719B937582814F286972D7DE2FD8C318CB2A8ED
                                  SHA-512:4104B82755A7BCE7619FE8636CE4CAF0FBB18150D7F84B326650FE0AC570AFBAA0E2321FAA88C28A9D68470DC0F5725D4290F156A4BDC3F98BFAAA40290B5E85
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):155648
                                  Entropy (8bit):7.65619043810097
                                  Encrypted:false
                                  SSDEEP:3072:/YOt/F60rV4Js9Y/SZKuI8HKdEYtriq7gReCsO+zrv1diL8KQ/GhAOK1r:Qc6i4Js9YqZKu7K5tH71OIL1Vb/3OK1
                                  MD5:747AABEB8001FDA5C8ABE4FA56537C8B
                                  SHA1:DA3570ED72A3A059D7DFF73D818F00D07C4BF1F1
                                  SHA-256:560ADE7DD2D8CD0894B54C731FF01A8E1E4C2948D040C2D4353C3CDC636EFC09
                                  SHA-512:3C98E73659A5DEA169944FD43EBD436E0C1A0639FBF486D8391D7401A31D688144F9ECA6A2E296AA0DF7DFE7541E8214E1B83010E304E279017E264851F1A23E
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):14848
                                  Entropy (8bit):5.668620240919106
                                  Encrypted:false
                                  SSDEEP:384:NCQ8WKQ5ovJLjfTAwFT4OjrI92OK/h71fXrIl:oh1KovJL7xFZ+2OK7TC
                                  MD5:B8A35DAE91462AA82FCF53CB3E14D7D0
                                  SHA1:3579F31BFF1C966ACB20CCC2A3F5B038715BA3D0
                                  SHA-256:D43B483FC7E973CF004F203566E830B71DF4CC72ACDEF9ECBBDDF9013105A50D
                                  SHA-512:7FBC2D5A09AA86DE287ECEBDA37C4D07BEDC71C1FB9CD2D27AF2A0C75840959BBA5CAB77A044A235C43D27174A00149F51A40A00C3DC1203A3D17461F15955B9
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):36864
                                  Entropy (8bit):6.111032620220954
                                  Encrypted:false
                                  SSDEEP:768:hvBVtlShya65bAFxHrcMR2f83s2OK4CWa:dBVtl75bAFxLcM4fQs2OK4Cx
                                  MD5:DDD3DBDAED0783710B10C27082BFFA6F
                                  SHA1:B36D0911B0FEFD4E5055E1FC551B544CBB847C62
                                  SHA-256:327D246A4044F0AEDA26B95AE5D4D0995C026EA488E801312D7E059842B62454
                                  SHA-512:81CDB2A98CE0424482225A9F5177D437902C2EC19498D0659E974172B464EBE69F92749577F3EA44DCDE0BD06E8ADA734A06F03018083C75108DE89C0EEB623B
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):27136
                                  Entropy (8bit):6.10051977861912
                                  Encrypted:false
                                  SSDEEP:768:WZOe2dqXatJUhcY5vdREEHdUl1sm3oQ+1SvS142OK22C:WZOe28Xar0ckoE9Ul1cQ+wq142OK22
                                  MD5:0B2BB080AF633F49EDF430DB223B18A2
                                  SHA1:768899579061BEF3A89127F3A7D5F6AE387409E1
                                  SHA-256:CA55C91C0E7544429FE022CE357F3EDF140E13BD3FAFAF6489A23C697A979047
                                  SHA-512:50D78E0F9D00FA2DA604A559521187430DB65CD6565707879A7E70BA27AF6B790CA4ABA5FA2C434D702F6CD37C93508B4053131DE3D147464E70AD91E48A6F82
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):29184
                                  Entropy (8bit):6.084490035375244
                                  Encrypted:false
                                  SSDEEP:768:jaE/f7U0VbLT9v6nkV2vMPSEzYGPhG2wAoGOKL21:jT77fRv6kYiSEzLs2voGOKL2
                                  MD5:89B512127DE87BFE46452326F101D41F
                                  SHA1:B4FDC6CFEC2414A8FFC534605B95FB41E3473560
                                  SHA-256:6343F455418B957799E9623D018A1BB922C8E2F570130404ECF3F105091AD396
                                  SHA-512:270A53C46ADCA70EEB97A21FBAC0FC0FD2D6E851DBD265528EAEC34A8941D3918A69C3415B6353839BC86E44C941629E78210DC0631B4C03CE2F310D9441156C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):197632
                                  Entropy (8bit):6.554932069408827
                                  Encrypted:false
                                  SSDEEP:6144:c5hdviK8myWc2UNfQv3vCJYazv0e9MLEOKV:GivmxI7JYa
                                  MD5:9DB0CE9685A89D3E1446A18DA37312D6
                                  SHA1:1559AE7D9EA544EBF841CC3C1C0C6A98D875074E
                                  SHA-256:3B6D09ED450FF5F9B3D8CF093BA3030C24FB397AF15F5DFCC9812F61CE345AF1
                                  SHA-512:F126D11C4F28C19833706F9E1C3FD28CF72EE191180F47198A791EB869792C070A7A6A36DF7B1A78E9224A23096D52EE0289BB41989891CA414B2156231B0BE7
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):221184
                                  Entropy (8bit):6.564355794485646
                                  Encrypted:false
                                  SSDEEP:6144:LG3cFuMtZY9F9F8thn4iIr4vUMBynEViaIFJ+meEwIz0Bz7P5EqJ6CFcPDsPItO/:LGsIiuBsPI
                                  MD5:68645688E9DEAF8D7FEC46B10B5285F3
                                  SHA1:34A646E795F866344222B1131ABBC35C4565694F
                                  SHA-256:4BDEE07321002F270A23D65E6DF5FBBCBE8BF57F0FEB4EDEFE59127D47D4735A
                                  SHA-512:443ECB947BD0AEAE8603FC1E14EC8F2ED3807792F5887E117A8B6EBA029254436325E0CA73DBF528270B37C51CF10F0890ADEBBB9F89AC73F576423EF80A55DF
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):22528
                                  Entropy (8bit):5.895055122230745
                                  Encrypted:false
                                  SSDEEP:384:xTJvJ2xksE9L4t+U2kIaeBvZXSISgLxJXtWxCl9sNN2OK/hgbLXqmXd:xd8kBU2wuVSiJWNN2OK82mXd
                                  MD5:D9E685D99AE28FC4F4CCB3D4A1AD346E
                                  SHA1:B23DBF247F2863996C5AE568A7D56C6BC67CC0AD
                                  SHA-256:C499D3CBC4425E49610B9694497B91038D5091AD14CC8E762C8FD88E2EF62EA1
                                  SHA-512:36ADFF4DD46672314216D1B0F103680C5C351E96ABEF987E0E4B6ECC5E9328CC0D306987053D8AB3885917527EEE95A5E4FFD525D134513746D466C11BE4558D
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):20992
                                  Entropy (8bit):5.861414943332894
                                  Encrypted:false
                                  SSDEEP:384:0Py6emMuYosnvRg3OfNgH9jtmHHpW2OK/hOKLXq+VN:0Wx5gmgwQ2OKj2+
                                  MD5:E5687AB49C32EA09270BC87DB11CAF3F
                                  SHA1:49BC3024C2E30207719BD426B17B1AB13CE31B7F
                                  SHA-256:8FDF5CD1FEC2AAF6C2B3789F9AD2BE68E771A8431F13D378E3CC1350B6EFB22F
                                  SHA-512:04CE368DF9E57093778059567293AE31580E6A420D7F7BC70CFB33BCFE7ADD269F641A6DE48C78066823195CEA696C118FE4CEE6CFD6506C7238322B03715016
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):285696
                                  Entropy (8bit):5.572573413945718
                                  Encrypted:false
                                  SSDEEP:3072:DwjgV4kFiDZNp9LrjSmkcBPcwq6eKGe5QdiRaXGyTs3mFUyeGyNA9prpyn7OKMJQ:ssu/p9LrjpkiPcw195YTVjpyn7OKJ
                                  MD5:4B4E611F2655C0EF0210410F39CBCBE9
                                  SHA1:ECD7F43D0AD65594B0B184F1C9576DC1BD212987
                                  SHA-256:113FBF0A7C1404BA9B8F052A74D93889F8EA62692548E722A0E2BB944AA4565C
                                  SHA-512:71CA1D99FC97E3AD7F75016FA501CEBCD8DEABF6118E9CB47B718238A26C8E65C515440A1B177CB4E07BFEECC39C2D6B264BDFF1F28C35A3D67F8A194F1DDFDD
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):9728
                                  Entropy (8bit):5.817204247270118
                                  Encrypted:false
                                  SSDEEP:192:i3k7W6q1ND1iRH+HzF1YfbIb/vXyzj3XK2dqSc1U5jwEF:i3kKbBiRHiTFjX6b62nuVE
                                  MD5:3449BBFAC55BFA14CDFD83E2D90F3D7E
                                  SHA1:6BD778F81D672453B06E09DD405BD45E22062A70
                                  SHA-256:EDCCB048476F4B029EB3E675B16E0CFBE0BBC4D795977E4C7FCF6AE520D453F1
                                  SHA-512:2EEBE36F2FF1B60667F242840D7C6B2AB9507A9212A1EF8B8F4916B07667E1235C288EDF2157183B2BDA575462F3E4F128329DB26539512A9B51C5C62436153F
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):69632
                                  Entropy (8bit):6.40655396918773
                                  Encrypted:false
                                  SSDEEP:1536:hpCW/+2SJKsysRSy79TxAjtIqSqBPv3jVqVIzCSvwR6fcqF:hpCB53SGxAjtIqhBTqsCSYkfZ
                                  MD5:7B0CE5532A3FAE1B1849DBAD45D33979
                                  SHA1:CEA8CCFD50255FC3D19C25BFC07BB277A0C7DA93
                                  SHA-256:7096C32E7A8C4DFF19B3043C30638F1E4BB05CE9453AF7C2048E8AE0D15CBCA9
                                  SHA-512:E3B94FF0DAD5C9E0888387E854F00A92B274344DB9581A4792DDE1774E461DC6C250FD6A0EBBDA2191F3D4A1A1CB558A1838A0D91642810C0C2C6C8AC9AB63A3
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):337920
                                  Entropy (8bit):6.780316224449195
                                  Encrypted:false
                                  SSDEEP:6144:m69lqfZGBQlOpI6i8LXrHvXItwlUfIb2Inuioc6N94AdqP2YWvSdwKY:Zlu2BpLiPwlUfIKKuioD4LP22dwf
                                  MD5:CF2FB22554B51181867EFA2FADBF0059
                                  SHA1:A96515BE43041C243A939CA142175A805C827837
                                  SHA-256:C59F96044488EFD96D51C4DDBDDF8B0FE4BBA79797B02263357BF0C20BF12F83
                                  SHA-512:1F86EDE16746641EF4692FC9603F162ED4D529E1F81EADDD711F001561036D954BB963BBC41D781E2C405B17DC60C4732C58367C9C1A8A34F5B56633BE2AEE2B
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):686592
                                  Entropy (8bit):5.427102465214309
                                  Encrypted:false
                                  SSDEEP:12288:/3F3AxoMPBt8FpQsVdFiI5mZMPXubUxktwd:/3dxM8XQsVdXSPAxLd
                                  MD5:AD7DFE789B1256F039406B640ACD9C0D
                                  SHA1:8305B635191F30762CB80CBFC950BC4D087D14DA
                                  SHA-256:BABAC4908787CA7B033E8FA1612E04DEA5456BCC97714E732138DDEB3888CD1B
                                  SHA-512:EE4A260DB2836F5D8F0F8D27884464C369E63EE34BC06DBDB7362331A8032D3E1C2D37579189E5379D1703512C64119E35A34EAB8B218F23C01FC7FB97D529E0
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):381
                                  Entropy (8bit):4.61619583478081
                                  Encrypted:false
                                  SSDEEP:6:B6shXWkR9YrtR7eRtcGTl40VUWLRVFtVgkyHJInZ5BmsMWl5imvW+7jEth9:cshmkUBR8R4/WlngkCJIZ5Bm9Wl5dO0U
                                  MD5:336FC09168F91DCAF30549E5C84F62D2
                                  SHA1:95DD1112E06493D21C5715FF967E5262B3409EE0
                                  SHA-256:7FEA4D32BC13ADCADB1E4542182815B25B5E952E131AFE9DEBB7A41A2EC6BBEB
                                  SHA-512:0463B7E4C6F586C579A5E32A51C6C7F00EE48F8183E7481B97D8BC6A4F3B576EAD0FDB96E08374BC1138025805EDBAE4AD5EB518034626C357974242D343F6CC
                                  Malicious:false
                                  Preview:[bitmessagesettings].settingsversion = 3.port = 8444.timeformat = %%Y-%%m-%%d %%H:%%M:%%S.blackwhitelist = black.startonlogon = false.minimizetotray = true.showtraynotifications = true.startintray = false.socksproxytype = none.sockshostname = localhost.socksport = 9050.socksauthentication = false.socksusername = .sockspassword = .keysencrypted = false.messagesencrypted = false..
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):255
                                  Entropy (8bit):4.07810142163246
                                  Encrypted:false
                                  SSDEEP:6:hTVRq5pswyWRB23m0OObleUN0m2ZGnxsUH4OWCVPwlVOKlM:ljq5psn5u1DXCVoPOR
                                  MD5:DC83B7DC3386F090BD56E9F4DE77A36C
                                  SHA1:B08F04207785D175BF74E9F38A16CAF1772DC8A2
                                  SHA-256:62FFC6DE4FE3429A59F11566FE768D09534E69769DDE64E24A21D4AA9A6D4AC0
                                  SHA-512:FAF3EA8073909FBFB8AB4B92EF2AEF35FAF345E73E7E82EBD6823860A458DE5D1EDA95DF3BFC84CADB0ED1F9688D4702BE3A2BCA7BE150F7F11AA2CB01C8CF14
                                  Malicious:false
                                  Preview:(dp0.I1.(dp1.S'76.180.233.38'.p2.(I8444.I1734007682.tp3.sS'60.242.109.18'.p4.(I8444.I1734007682.tp5.sS'74.132.73.137'.p6.(I8444.I1734007682.tp7.sS'66.65.120.151'.p8.(I8080.I1734007682.tp9.sS'84.48.88.42'.p10.(I8444.I1734007682.tp11.ssI2.(dp12.sI3.(dp13.s.
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:SQLite 3.x database, last written using SQLite version 0, page size 1024, file counter 12, database pages 0, cookie 0x9, schema 1, UTF-8, version-valid-for 0
                                  Category:dropped
                                  Size (bytes):16384
                                  Entropy (8bit):1.7072878661408615
                                  Encrypted:false
                                  SSDEEP:48:ki4oGltXuKR72lDBgiiXr72liXuA72liXuKoGlOsbukwuDiau7Sz:kFzFuS2Dla2+uA2+uuOsbuk3D5u+
                                  MD5:8DF7C7387A7A29166BCA07FEF142594C
                                  SHA1:DB89392C188227300A0F2C36169F92C42B9A3260
                                  SHA-256:4357A85B6313B94FD60401293319ACAB4C549C43EC5402790AF8D957F01AB2F0
                                  SHA-512:2184EB7E908A2D2CC6DB3126A2DBE22191440D479F5E875149E0A05D1A58FAD489859F513AA66B1C548E483C8F59FEDF6FC2815714C5E838CA8EEF07BF20E81D
                                  Malicious:false
                                  Preview:SQLite format 3......@ .............................................................................................d..............................................^........tablewhitelistwhitelist.CREATE TABLE whitelist (label text, address text, enabled bool)^........tableblacklistblacklist.CREATE TABLE blacklist (label text, address text, enabled bool)U...##.stableaddressbookaddressbook.CREATE TABLE addressbook (label text, address text)j...''...tablesubscriptionssubscriptions.CREATE TABLE subscriptions (label text, address text, enabled bool).q.......Etablesentsent.CREATE TABLE sent (msgid blob, toaddress text, toripe blob, fromaddress text, subject text, message text, ackdata blob, lastactiontime integer, status text, pubkeyretrynumber integer, msgretrynumber integer, folder text).3.......Etableinboxinbox.CREATE TABLE inbox (msgid blob, toaddress text, fromaddress text, subject text, received text, message text, folder text, UNIQUE(msgid) ON CONFLICT REPLACE))...=...indexsqlite_aut
                                  Process:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  File Type:SQLite Rollback Journal
                                  Category:dropped
                                  Size (bytes):3608
                                  Entropy (8bit):2.2996242077386513
                                  Encrypted:false
                                  SSDEEP:24:7+tzl7O80CiK+Ano+AbB0A1GlAALXzqSAZfA4v0R9BSAVA2nN2Acf+:7MMEi4oGltXuKR72l+
                                  MD5:CC89C324EEAA9988FE834B7F9D67627A
                                  SHA1:4906206E0A5B3F5049F6383660213944998F666E
                                  SHA-256:C888B860972A01F96013CE39F3653F7298FC004A53B9C4A02E015950D0A3F8A0
                                  SHA-512:101DE9D0DDAEF5E1D0215FB49BD808324F43458FAE83FEBB2816C26502A04EE4FF349F7A19A28154DC22F039C643144F50A3C1DBAC4296748BD929F93E60F9BC
                                  Malicious:false
                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Entropy (8bit):7.993336845972698
                                  TrID:
                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                  • DOS Executable Generic (2002/1) 0.02%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:zZ8OdFfZnb.exe
                                  File size:12'334'118 bytes
                                  MD5:c609aa9c95f4bc7f308ac50c01452926
                                  SHA1:db78a1b577cdbef87ab2bc9f8232778b7715e589
                                  SHA256:009cd6b28c31516976cb86fb7e15fc325650549bc9d7724aa33b42aaa6e87f94
                                  SHA512:7373c80a3a2187b54848dbfa17f22bfb8216ffd807462b1f97b43e800c9b83dabc279e2ddb6e2e7f35c6f9934e3597e0c51e45b4309167417697659f2e60150d
                                  SSDEEP:196608:B7Qna/HcPqzgMS41NvGp05YWksDM/BVqtRHCGL6UlOkZdzse8IQsretItgCRbZoB:6nMcPqza4X+puYyDM/BcEUFKe8KytKgb
                                  TLSH:24C63348B65CC973D4603AF01424E4B244B35F7722D7965BB239B2A314FB283EE7964E
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3...R.R.R.R.R.R6.IR.R.R.$zR.R.R.$OR.R.R.*BR.R.R.R.R.R.R.${R=R.R.$KR.R.R.$LR.R.RRich.R.R................PE..L...CP.O...........
                                  Icon Hash:0cc6e36131010f4f
                                  Entrypoint:0x4093b1
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x4FBF5043 [Fri May 25 09:26:27 2012 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:5
                                  OS Version Minor:1
                                  File Version Major:5
                                  File Version Minor:1
                                  Subsystem Version Major:5
                                  Subsystem Version Minor:1
                                  Import Hash:acbc8f761f4e19d096f011fd86326533
                                  Instruction
                                  call 00007F7B45004BC7h
                                  jmp 00007F7B44FFEEEEh
                                  mov edi, edi
                                  push ebp
                                  mov ebp, esp
                                  sub esp, 00000328h
                                  mov dword ptr [0041C440h], eax
                                  mov dword ptr [0041C43Ch], ecx
                                  mov dword ptr [0041C438h], edx
                                  mov dword ptr [0041C434h], ebx
                                  mov dword ptr [0041C430h], esi
                                  mov dword ptr [0041C42Ch], edi
                                  mov word ptr [0041C458h], ss
                                  mov word ptr [0041C44Ch], cs
                                  mov word ptr [0041C428h], ds
                                  mov word ptr [0041C424h], es
                                  mov word ptr [0041C420h], fs
                                  mov word ptr [0041C41Ch], gs
                                  pushfd
                                  pop dword ptr [0041C450h]
                                  mov eax, dword ptr [ebp+00h]
                                  mov dword ptr [0041C444h], eax
                                  mov eax, dword ptr [ebp+04h]
                                  mov dword ptr [0041C448h], eax
                                  lea eax, dword ptr [ebp+08h]
                                  mov dword ptr [0041C454h], eax
                                  mov eax, dword ptr [ebp-00000320h]
                                  mov dword ptr [0041C390h], 00010001h
                                  mov eax, dword ptr [0041C448h]
                                  mov dword ptr [0041C344h], eax
                                  mov dword ptr [0041C338h], C0000409h
                                  mov dword ptr [0041C33Ch], 00000001h
                                  mov eax, dword ptr [0041B010h]
                                  mov dword ptr [ebp-00000328h], eax
                                  mov eax, dword ptr [0041B014h]
                                  mov dword ptr [ebp-00000324h], eax
                                  call dword ptr [000000A8h]
                                  Programming Language:
                                  • [C++] VS2010 build 30319
                                  • [ASM] VS2010 build 30319
                                  • [IMP] VS2008 SP1 build 30729
                                  • [ C ] VS2010 build 30319
                                  • [RES] VS2010 build 30319
                                  • [LNK] VS2010 build 30319
                                  Name | Virtual Address | Virtual Size | Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19b64 | 0x50 | .rdata
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1f000 | 0x19cbc | .rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x39000 | 0xe00 | .reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x19530 | 0x40 | .rdata
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x14000 | 0x190 | .rdata
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                  .text | 0x1000 | 0x12d7f | 0x12e00 | 1bfa456795c6dbfcdbbd63e3dc957e15 | False | 0.5918874172185431 | data | 6.622797920414301 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .rdata | 0x14000 | 0x646e | 0x6600 | c58d8ff39563037d876c7e24bc6b39ab | False | 0.5713848039215687 | data | 6.404145593981074 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .data | 0x1b000 | 0x3188 | 0x1200 | 36af965c41c9a8011597f02ff24d3e40 | False | 0.1773003472222222 | DOS executable (block device driver \277D) | 2.0552913171413474 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .rsrc | 0x1f000 | 0x19cbc | 0x19e00 | 4dc4ebef2a1f4ca1daf49dd5cd01f492 | False | 0.29612960446859904 | data | 4.745963597128975 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .reloc | 0x39000 | 0x145e | 0x1600 | 83ac95b493190ec68f7081369a27c03e | False | 0.5440340909090909 | data | 5.039409380069048 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                  RT_ICON | 0x1f1f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 |  |  | 0.625886524822695
                                  RT_ICON | 0x1f658 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 |  |  | 0.44582551594746717
                                  RT_ICON | 0x20700 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 |  |  | 0.36887966804979255
                                  RT_ICON | 0x22ca8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 |  |  | 0.32563769485120453
                                  RT_ICON | 0x26ed0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 |  |  | 0.2638560274458772
                                  RT_ICON | 0x376f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 |  |  | 0.49530956848030017
                                  RT_ICON | 0x387a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 |  |  | 0.7207446808510638
                                  RT_GROUP_ICON | 0x38c08 | 0x4c | data |  |  | 0.7763157894736842
                                  RT_GROUP_ICON | 0x38c54 | 0x68 | data |  |  | 0.7019230769230769
                                  DLL | Import
                                  USER32.dll | MessageBoxA
                                  KERNEL32.dll | RemoveDirectoryA, TlsSetValue, GetVersionExA, GetProcAddress, LoadLibraryA, GetModuleFileNameA, GetModuleFileNameW, GetExitCodeProcess, WaitForSingleObject, CreateProcessW, GetCommandLineW, GetStartupInfoW, GetTempPathA, GetLastError, LoadLibraryExA, Sleep, CreateDirectoryA, SetStdHandle, EnterCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, GetFileType, DecodePointer, EncodePointer, SetConsoleCtrlHandler, HeapFree, GetModuleHandleW, ExitProcess, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileExA, HeapAlloc, DeleteFileA, FindNextFileA, GetCommandLineA, HeapSetInformation, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, RtlUnwind, SetHandleCount, GetStdHandle, DeleteCriticalSection, TlsAlloc, TlsGetValue, SetEnvironmentVariableW, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapCreate, WideCharToMultiByte, LoadLibraryW, WriteFile, GetFullPathNameA, CloseHandle, GetFileInformationByHandle, PeekNamedPipe, CreateFileA, GetCurrentDirectoryW, GetFileAttributesA, MultiByteToWideChar, ReadFile, SetFilePointer, GetConsoleCP, GetConsoleMode, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, HeapReAlloc, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, CompareStringW, SetEnvironmentVariableA, HeapSize, GetDriveTypeW, SetEndOfFile, GetProcessHeap, GetTimeZoneInformation, LCMapStringW, WriteConsoleW, GetStringTypeW, CreateFileW
                                  WS2_32.dll | ntohl
                                  Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                  2024-12-12T13:47:54.307701+0100 | 2022075 | ET MALWARE Possible Chimera Ransomware - Bitmessage Activity | 1 | 192.168.2.6 | 49723 | 158.69.63.42 | 8080 | TCP
                                  2024-12-12T13:47:54.307701+0100 | 2022075 | ET MALWARE Possible Chimera Ransomware - Bitmessage Activity | 1 | 192.168.2.6 | 49789 | 66.65.120.151 | 8080 | TCP
                                  2024-12-12T13:47:54.307701+0100 | 2022075 | ET MALWARE Possible Chimera Ransomware - Bitmessage Activity | 1 | 192.168.2.6 | 49722 | 185.19.31.46 | 8080 | TCP
                                  2024-12-12T13:48:05.938612+0100 | 2022075 | ET MALWARE Possible Chimera Ransomware - Bitmessage Activity | 1 | 192.168.2.6 | 49722 | 185.19.31.46 | 8080 | TCP
                                  2024-12-12T13:48:06.161557+0100 | 2022075 | ET MALWARE Possible Chimera Ransomware - Bitmessage Activity | 1 | 192.168.2.6 | 49723 | 158.69.63.42 | 8080 | TCP
                                  2024-12-12T13:48:30.707612+0100 | 2022075 | ET MALWARE Possible Chimera Ransomware - Bitmessage Activity | 1 | 192.168.2.6 | 49789 | 66.65.120.151 | 8080 | TCP
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  Dec 12, 2024 13:48:04.240505934 CET | 57676 | 53 | 192.168.2.6 | 1.1.1.1
                                  Dec 12, 2024 13:48:04.383392096 CET | 53 | 57676 | 1.1.1.1 | 192.168.2.6
                                  Dec 12, 2024 13:48:04.385833025 CET | 59303 | 53 | 192.168.2.6 | 1.1.1.1
                                  Dec 12, 2024 13:48:04.524029970 CET | 53 | 59303 | 1.1.1.1 | 192.168.2.6
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  Dec 12, 2024 13:48:04.240505934 CET | 192.168.2.6 | 1.1.1.1 | 0x76d9 | Standard query (0) | bootstrap8080.bitmessage.org | A (IP address) | IN (0x0001) | false
                                  Dec 12, 2024 13:48:04.385833025 CET | 192.168.2.6 | 1.1.1.1 | 0x7830 | Standard query (0) | bootstrap8444.bitmessage.org | A (IP address) | IN (0x0001) | false
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Dec 12, 2024 13:48:04.383392096 CET | 1.1.1.1 | 192.168.2.6 | 0x76d9 | No error (0) | bootstrap8080.bitmessage.org |  | 185.19.31.46 | A (IP address) | IN (0x0001) | false
                                  Dec 12, 2024 13:48:04.383392096 CET | 1.1.1.1 | 192.168.2.6 | 0x76d9 | No error (0) | bootstrap8080.bitmessage.org |  | 158.69.63.42 | A (IP address) | IN (0x0001) | false
                                  Dec 12, 2024 13:48:04.524029970 CET | 1.1.1.1 | 192.168.2.6 | 0x7830 | No error (0) | bootstrap8444.bitmessage.org |  | 85.25.152.9 | A (IP address) | IN (0x0001) | false
                                  Dec 12, 2024 13:48:04.524029970 CET | 1.1.1.1 | 192.168.2.6 | 0x7830 | No error (0) | bootstrap8444.bitmessage.org |  | 185.158.248.216 | A (IP address) | IN (0x0001) | false
                                  Dec 12, 2024 13:48:04.524029970 CET | 1.1.1.1 | 192.168.2.6 | 0x7830 | No error (0) | bootstrap8444.bitmessage.org |  | 194.164.163.84 | A (IP address) | IN (0x0001) | false
                                  Dec 12, 2024 13:48:04.524029970 CET | 1.1.1.1 | 192.168.2.6 | 0x7830 | No error (0) | bootstrap8444.bitmessage.org |  | 85.114.135.102 | A (IP address) | IN (0x0001) | false


                                  Target ID:0
                                  Start time:07:47:59
                                  Start date:12/12/2024
                                  Path:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\zZ8OdFfZnb.exe"
                                  Imagebase:0xd80000
                                  File size:12'334'118 bytes
                                  MD5 hash:C609AA9C95F4BC7F308AC50C01452926
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:false

                                  Target ID:2
                                  Start time:07:48:02
                                  Start date:12/12/2024
                                  Path:C:\Users\user\Desktop\zZ8OdFfZnb.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\zZ8OdFfZnb.exe"
                                  Imagebase:0xd80000
                                  File size:12'334'118 bytes
                                  MD5 hash:C609AA9C95F4BC7F308AC50C01452926
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:false


                                    Execution Graph

                                    Execution Coverage:10.8%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:8.6%
                                    Total number of Nodes:2000
                                    Total number of Limit Nodes:145
3 API calls 10862->10865 10863->10861 10866 d89dc8 10864->10866 10867 d89d90 10865->10867 10868 d89dfb 10866->10868 10869 d89dd0 InitializeCriticalSectionAndSpinCount 10866->10869 10867->10853 10870 d86e44 _free 65 API calls 10868->10870 10871 d89de0 10869->10871 10872 d89dec 10869->10872 10870->10872 10873 d86e44 _free 65 API calls 10871->10873 10890 d89e17 10872->10890 10875 d89de6 10873->10875 10876 d8987e __tolower_l 65 API calls 10875->10876 10876->10872 10878 d8afbd __FF_MSGBANNER 66 API calls 10877->10878 10879 d8736d 10878->10879 10880 d8ae0e __NMSG_WRITE 66 API calls 10879->10880 10881 d87375 10880->10881 10894 d8732f 10881->10894 10886 d89ec2 10884->10886 10885 d880e7 _malloc 65 API calls 10885->10886 10886->10885 10887 d89dab 10886->10887 10888 d89ed9 Sleep 10886->10888 10887->10859 10887->10860 10889 d89eee 10888->10889 10889->10886 10889->10887 10893 d89d47 LeaveCriticalSection 10890->10893 10892 d89e1e 10892->10861 10893->10892 10897 d871d9 10894->10897 10896 d87340 10898 d871e5 __tsopen_nolock 10897->10898 10899 d89e20 __lock 61 API calls 10898->10899 10900 d871ec 10899->10900 10902 d87217 DecodePointer 10900->10902 10906 d87296 10900->10906 10904 d8722e DecodePointer 10902->10904 10902->10906 10911 d87241 10904->10911 10905 d87313 __tsopen_nolock 10905->10896 10920 d87304 10906->10920 10908 d872fb 10910 d870c1 __mtinitlocknum 3 API calls 10908->10910 10913 d87304 10910->10913 10911->10906 10912 d87258 DecodePointer 10911->10912 10917 d87267 DecodePointer DecodePointer 10911->10917 10918 d8a219 EncodePointer 10911->10918 10919 d8a219 EncodePointer 10912->10919 10914 d87311 10913->10914 10925 d89d47 LeaveCriticalSection 10913->10925 10914->10896 10917->10911 10918->10911 10919->10911 10921 d8730a 10920->10921 10922 d872e4 10920->10922 10926 d89d47 LeaveCriticalSection 10921->10926 10922->10905 10924 d89d47 LeaveCriticalSection 10922->10924 10924->10908 10925->10914 10926->10922 10927->10834 10928->10849 14598 d86981 14599 d8698d __tsopen_nolock 
14598->14599 14600 d89e20 __lock 66 API calls 14599->14600 14601 d86995 14600->14601 14602 d869bb DecodePointer 14601->14602 14603 d8699e DecodePointer 14601->14603 14604 d869d6 14602->14604 14603->14604 14605 d869e4 14604->14605 14609 d8a219 EncodePointer 14604->14609 14610 d869fd 14605->14610 14608 d869f2 __tsopen_nolock 14609->14605 14613 d89d47 LeaveCriticalSection 14610->14613 14612 d86a03 14612->14608 14613->14612 10932 d89244 10982 d89e60 10932->10982 10934 d89250 GetStartupInfoW 10935 d89264 HeapSetInformation 10934->10935 10937 d8926f 10934->10937 10935->10937 10983 d8a7d7 HeapCreate 10937->10983 10938 d892bd 10939 d892c8 10938->10939 11092 d8921b 10938->11092 11100 d8a512 GetModuleHandleW 10939->11100 10942 d892ce 10943 d892da __RTC_Initialize 10942->10943 10944 d892d2 10942->10944 10984 d898c7 GetStartupInfoW 10943->10984 10945 d8921b _fast_error_exit 66 API calls 10944->10945 10946 d892d9 10945->10946 10946->10943 10949 d892eb 10952 d87363 __amsg_exit 66 API calls 10949->10952 10950 d892f3 GetCommandLineA 10997 d8ee81 GetEnvironmentStringsW 10950->10997 10953 d892f2 10952->10953 10953->10950 10956 d8930d 10957 d89319 10956->10957 10958 d89311 10956->10958 11010 d8eb50 10957->11010 10959 d87363 __amsg_exit 66 API calls 10958->10959 10961 d89318 10959->10961 10961->10957 10962 d8931e 10963 d8932a 10962->10963 10964 d89322 10962->10964 11030 d87142 10963->11030 10966 d87363 __amsg_exit 66 API calls 10964->10966 10968 d89329 10966->10968 10967 d89331 10969 d8933d 10967->10969 10970 d89336 10967->10970 10968->10963 11036 d8eaf1 10969->11036 10971 d87363 __amsg_exit 66 API calls 10970->10971 10973 d8933c 10971->10973 10973->10969 10974 d89342 10975 d89348 10974->10975 11042 d814f0 10974->11042 10975->10974 10977 d8935e 10978 d8936c 10977->10978 11136 d87319 10977->11136 11139 d87345 10978->11139 10981 d89371 __tsopen_nolock 10982->10934 10983->10938 10985 d89efe __calloc_crt 66 API calls 10984->10985 10993 d898e5 10985->10993 10986 d892e7 10986->10949 
10986->10950 10987 d89a5a 10989 d89a90 GetStdHandle 10987->10989 10991 d89af4 SetHandleCount 10987->10991 10992 d89aa2 GetFileType 10987->10992 10996 d89ac8 InitializeCriticalSectionAndSpinCount 10987->10996 10988 d899da 10988->10987 10994 d89a11 InitializeCriticalSectionAndSpinCount 10988->10994 10995 d89a06 GetFileType 10988->10995 10989->10987 10990 d89efe __calloc_crt 66 API calls 10990->10993 10991->10986 10992->10987 10993->10986 10993->10987 10993->10988 10993->10990 10994->10986 10994->10988 10995->10988 10995->10994 10996->10986 10996->10987 10999 d8ee9d WideCharToMultiByte 10997->10999 11003 d89303 10997->11003 11000 d8ef0a FreeEnvironmentStringsW 10999->11000 11001 d8eed2 10999->11001 11000->11003 11002 d89eb9 __malloc_crt 66 API calls 11001->11002 11004 d8eed8 11002->11004 11125 d8edc6 11003->11125 11004->11000 11005 d8eee0 WideCharToMultiByte 11004->11005 11006 d8eefe FreeEnvironmentStringsW 11005->11006 11007 d8eef2 11005->11007 11006->11003 11008 d86e44 _free 66 API calls 11007->11008 11009 d8eefa 11008->11009 11009->11006 11011 d8eb59 11010->11011 11014 d8eb5e _strlen 11010->11014 11142 d8fcea 11011->11142 11013 d89efe __calloc_crt 66 API calls 11020 d8eb93 _strlen 11013->11020 11014->11013 11017 d8eb6c 11014->11017 11015 d8ebe2 11016 d86e44 _free 66 API calls 11015->11016 11016->11017 11017->10962 11018 d89efe __calloc_crt 66 API calls 11018->11020 11019 d8ec08 11021 d86e44 _free 66 API calls 11019->11021 11020->11015 11020->11017 11020->11018 11020->11019 11023 d8ec1f 11020->11023 11146 d8aaa2 11020->11146 11021->11017 11024 d89c44 __invoke_watson 10 API calls 11023->11024 11026 d8ec2b 11024->11026 11028 d8ecb8 11026->11028 11155 d922be 11026->11155 11027 d8edb6 11027->10962 11028->11027 11029 d922be 76 API calls __wincmdln 11028->11029 11029->11028 11031 d87150 __IsNonwritableInCurrentImage 11030->11031 11592 d8adc5 11031->11592 11033 d8716e __initterm_e 11035 d8718f __IsNonwritableInCurrentImage 11033->11035 11595 d8ad62 11033->11595 
11035->10967 11037 d8eaff 11036->11037 11038 d8eb04 11036->11038 11039 d8fcea ___initmbctable 94 API calls 11037->11039 11040 d8eb40 11038->11040 11041 d922be __wincmdln 76 API calls 11038->11041 11039->11038 11040->10974 11041->11038 11043 d8154d _memset 11042->11043 11660 d87056 11043->11660 11046 d815aa 11667 d812d0 GetModuleFileNameA 11046->11667 11047 d81582 11741 d81860 11047->11741 11051 d815bc 11672 d81300 GetModuleFileNameW 11051->11672 11052 d861bd __findfirst64i32 5 API calls 11054 d815a1 11052->11054 11054->10977 11055 d815c9 11677 d86f05 11055->11677 11057 d815fa 11690 d83660 11057->11690 11059 d8168c 11062 d816e6 11059->11062 11695 d83450 11059->11695 11061 d81631 11061->11059 11064 d83660 155 API calls 11061->11064 11746 d81000 11062->11746 11065 d81660 11064->11065 11065->11059 11067 d81667 11065->11067 11066 d8177c 11700 d834b0 11066->11700 11070 d81860 103 API calls 11067->11070 11073 d81681 11070->11073 11071 d816a7 11077 d93509 109 API calls 11071->11077 11076 d861bd __findfirst64i32 5 API calls 11073->11076 11074 d81758 11762 d83ae0 11074->11762 11080 d81848 11076->11080 11077->11062 11078 d81768 11774 d811d0 11078->11774 11080->10977 11081 d81772 11081->11073 11084 d817d7 11084->11073 11715 d813d0 11084->11715 11093 d89229 11092->11093 11094 d8922e 11092->11094 11095 d8afbd __FF_MSGBANNER 66 API calls 11093->11095 11096 d8ae0e __NMSG_WRITE 66 API calls 11094->11096 11095->11094 11097 d89236 11096->11097 11098 d870c1 __mtinitlocknum 3 API calls 11097->11098 11099 d89240 11098->11099 11099->10939 11101 d8a52f GetProcAddress GetProcAddress GetProcAddress GetProcAddress 11100->11101 11102 d8a526 11100->11102 11104 d8a579 TlsAlloc 11101->11104 14368 d8a25f 11102->14368 11107 d8a688 11104->11107 11108 d8a5c7 TlsSetValue 11104->11108 11107->10942 11108->11107 11109 d8a5d8 11108->11109 14373 d870eb 11109->14373 11114 d8a620 DecodePointer 11117 d8a635 11114->11117 11115 d8a683 11116 d8a25f __mtterm 2 API calls 11115->11116 11116->11107 11117->11115 
11118 d89efe __calloc_crt 66 API calls 11117->11118 11119 d8a64b 11118->11119 11119->11115 11120 d8a653 DecodePointer 11119->11120 11121 d8a664 11120->11121 11121->11115 11122 d8a668 11121->11122 11123 d8a29c __initptd 66 API calls 11122->11123 11124 d8a670 GetCurrentThreadId 11123->11124 11124->11107 11126 d8eddb 11125->11126 11127 d8ede0 GetModuleFileNameA 11125->11127 11129 d8fcea ___initmbctable 94 API calls 11126->11129 11128 d8ee07 11127->11128 14384 d8ec2c 11128->14384 11129->11127 11132 d89eb9 __malloc_crt 66 API calls 11133 d8ee49 11132->11133 11134 d8ec2c _parse_cmdline 76 API calls 11133->11134 11135 d8ee63 11133->11135 11134->11135 11135->10956 11137 d871d9 _doexit 66 API calls 11136->11137 11138 d8732a 11137->11138 11138->10978 11140 d871d9 _doexit 66 API calls 11139->11140 11141 d87350 11140->11141 11141->10981 11143 d8fcf3 11142->11143 11144 d8fcfa 11142->11144 11158 d8fb50 11143->11158 11144->11014 11147 d8aab0 11146->11147 11148 d8aab7 11146->11148 11147->11148 11152 d8aad5 11147->11152 11149 d8987e __tolower_l 66 API calls 11148->11149 11150 d8aabc 11149->11150 11151 d89c96 __tsopen_nolock 11 API calls 11150->11151 11153 d8aac6 11151->11153 11152->11153 11154 d8987e __tolower_l 66 API calls 11152->11154 11153->11020 11154->11150 11589 d9226b 11155->11589 11159 d8fb5c __tsopen_nolock 11158->11159 11189 d8a3c9 11159->11189 11163 d8fb6f 11210 d8f8eb 11163->11210 11166 d89eb9 __malloc_crt 66 API calls 11167 d8fb90 11166->11167 11168 d8fcaf __tsopen_nolock 11167->11168 11217 d8f967 11167->11217 11168->11144 11171 d8fcbc 11171->11168 11175 d8fccf 11171->11175 11177 d86e44 _free 66 API calls 11171->11177 11172 d8fbc0 InterlockedDecrement 11173 d8fbd0 11172->11173 11174 d8fbe1 InterlockedIncrement 11172->11174 11173->11174 11179 d86e44 _free 66 API calls 11173->11179 11174->11168 11176 d8fbf7 11174->11176 11178 d8987e __tolower_l 66 API calls 11175->11178 11176->11168 11181 d89e20 __lock 66 API calls 11176->11181 11177->11175 11178->11168 11180 d8fbe0 
11179->11180 11180->11174 11183 d8fc0b InterlockedDecrement 11181->11183 11184 d8fc9a InterlockedIncrement 11183->11184 11185 d8fc87 11183->11185 11227 d8fcb1 11184->11227 11185->11184 11187 d86e44 _free 66 API calls 11185->11187 11188 d8fc99 11187->11188 11188->11184 11190 d8a350 __getptd_noexit 66 API calls 11189->11190 11191 d8a3d1 11190->11191 11192 d8a3de 11191->11192 11193 d87363 __amsg_exit 66 API calls 11191->11193 11194 d8f847 11192->11194 11193->11192 11195 d8f853 __tsopen_nolock 11194->11195 11196 d8a3c9 __getptd 66 API calls 11195->11196 11197 d8f858 11196->11197 11198 d89e20 __lock 66 API calls 11197->11198 11206 d8f86a 11197->11206 11199 d8f888 11198->11199 11200 d8f8d1 11199->11200 11201 d8f8b9 InterlockedIncrement 11199->11201 11202 d8f89f InterlockedDecrement 11199->11202 11230 d8f8e2 11200->11230 11201->11200 11202->11201 11205 d8f8aa 11202->11205 11204 d87363 __amsg_exit 66 API calls 11207 d8f878 __tsopen_nolock 11204->11207 11205->11201 11208 d86e44 _free 66 API calls 11205->11208 11206->11204 11206->11207 11207->11163 11209 d8f8b8 11208->11209 11209->11201 11234 d8a7f5 11210->11234 11213 d8f928 11215 d8f92d GetACP 11213->11215 11216 d8f91a 11213->11216 11214 d8f90a GetOEMCP 11214->11216 11215->11216 11216->11166 11216->11168 11218 d8f8eb getSystemCP 78 API calls 11217->11218 11219 d8f987 11218->11219 11220 d8f992 setSBCS 11219->11220 11223 d8f9d6 IsValidCodePage 11219->11223 11225 d8f9fb _memset __setmbcp_nolock 11219->11225 11221 d861bd __findfirst64i32 5 API calls 11220->11221 11222 d8fb4e 11221->11222 11222->11171 11222->11172 11223->11220 11224 d8f9e8 GetCPInfo 11223->11224 11224->11220 11224->11225 11527 d8f6b7 GetCPInfo 11225->11527 11588 d89d47 LeaveCriticalSection 11227->11588 11229 d8fcb8 11229->11168 11233 d89d47 LeaveCriticalSection 11230->11233 11232 d8f8e9 11232->11206 11233->11232 11235 d8a808 11234->11235 11239 d8a855 11234->11239 11236 d8a3c9 __getptd 66 API calls 11235->11236 11237 d8a80d 11236->11237 11238 d8a835 11237->11238 
11242 d8f5ab 11237->11242 11238->11239 11241 d8f847 __setmbcp 68 API calls 11238->11241 11239->11213 11239->11214 11241->11239 11243 d8f5b7 __tsopen_nolock 11242->11243 11244 d8a3c9 __getptd 66 API calls 11243->11244 11245 d8f5bc 11244->11245 11246 d8f5ea 11245->11246 11248 d8f5ce 11245->11248 11247 d89e20 __lock 66 API calls 11246->11247 11249 d8f5f1 11247->11249 11250 d8a3c9 __getptd 66 API calls 11248->11250 11257 d8f55e 11249->11257 11252 d8f5d3 11250->11252 11254 d8f5e1 __tsopen_nolock 11252->11254 11256 d87363 __amsg_exit 66 API calls 11252->11256 11254->11238 11256->11254 11258 d8f56b 11257->11258 11259 d8f5a0 11257->11259 11258->11259 11260 d8f2eb ___addlocaleref 8 API calls 11258->11260 11265 d8f618 11259->11265 11261 d8f581 11260->11261 11261->11259 11268 d8f37a 11261->11268 11526 d89d47 LeaveCriticalSection 11265->11526 11267 d8f61f 11267->11252 11269 d8f38b InterlockedDecrement 11268->11269 11270 d8f40e 11268->11270 11271 d8f3a0 InterlockedDecrement 11269->11271 11272 d8f3a3 11269->11272 11270->11259 11282 d8f413 11270->11282 11271->11272 11273 d8f3ad InterlockedDecrement 11272->11273 11274 d8f3b0 11272->11274 11273->11274 11275 d8f3ba InterlockedDecrement 11274->11275 11276 d8f3bd 11274->11276 11275->11276 11277 d8f3c7 InterlockedDecrement 11276->11277 11278 d8f3ca 11276->11278 11277->11278 11279 d8f3e3 InterlockedDecrement 11278->11279 11280 d8f3f3 InterlockedDecrement 11278->11280 11281 d8f3fe InterlockedDecrement 11278->11281 11279->11278 11280->11278 11281->11270 11283 d8f497 11282->11283 11290 d8f42a 11282->11290 11284 d8f4e4 11283->11284 11285 d86e44 _free 66 API calls 11283->11285 11302 d8f50d 11284->11302 11352 d922d6 11284->11352 11286 d8f4b8 11285->11286 11288 d86e44 _free 66 API calls 11286->11288 11292 d8f4cb 11288->11292 11289 d8f47f 11293 d86e44 _free 66 API calls 11289->11293 11290->11283 11295 d86e44 _free 66 API calls 11290->11295 11311 d8f45e 11290->11311 11297 d86e44 _free 66 API calls 11292->11297 11299 d8f48c 11293->11299 11294 
d8f552 11300 d86e44 _free 66 API calls 11294->11300 11301 d8f453 11295->11301 11296 d86e44 _free 66 API calls 11296->11302 11303 d8f4d9 11297->11303 11298 d86e44 _free 66 API calls 11304 d8f474 11298->11304 11306 d86e44 _free 66 API calls 11299->11306 11307 d8f558 11300->11307 11312 d926b6 11301->11312 11302->11294 11305 d86e44 66 API calls _free 11302->11305 11309 d86e44 _free 66 API calls 11303->11309 11340 d9264d 11304->11340 11305->11302 11306->11283 11307->11259 11309->11284 11311->11289 11311->11298 11313 d926c7 11312->11313 11339 d927b0 11312->11339 11314 d86e44 _free 66 API calls 11313->11314 11316 d926d8 11313->11316 11314->11316 11315 d926ea 11318 d926fc 11315->11318 11320 d86e44 _free 66 API calls 11315->11320 11316->11315 11317 d86e44 _free 66 API calls 11316->11317 11317->11315 11319 d9270e 11318->11319 11321 d86e44 _free 66 API calls 11318->11321 11322 d92720 11319->11322 11323 d86e44 _free 66 API calls 11319->11323 11320->11318 11321->11319 11324 d92732 11322->11324 11325 d86e44 _free 66 API calls 11322->11325 11323->11322 11326 d92744 11324->11326 11328 d86e44 _free 66 API calls 11324->11328 11325->11324 11327 d92756 11326->11327 11329 d86e44 _free 66 API calls 11326->11329 11330 d92768 11327->11330 11331 d86e44 _free 66 API calls 11327->11331 11328->11326 11329->11327 11332 d9277a 11330->11332 11333 d86e44 _free 66 API calls 11330->11333 11331->11330 11334 d9278c 11332->11334 11336 d86e44 _free 66 API calls 11332->11336 11333->11332 11335 d9279e 11334->11335 11337 d86e44 _free 66 API calls 11334->11337 11338 d86e44 _free 66 API calls 11335->11338 11335->11339 11336->11334 11337->11335 11338->11339 11339->11311 11341 d9265a 11340->11341 11351 d926b2 11340->11351 11343 d9266a 11341->11343 11344 d86e44 _free 66 API calls 11341->11344 11342 d9267c 11346 d9268e 11342->11346 11347 d86e44 _free 66 API calls 11342->11347 11343->11342 11345 d86e44 _free 66 API calls 11343->11345 11344->11343 11345->11342 11348 d926a0 11346->11348 11349 d86e44 _free 66 API 
calls 11346->11349 11347->11346 11350 d86e44 _free 66 API calls 11348->11350 11348->11351 11349->11348 11350->11351 11351->11289 11353 d922e7 11352->11353 11525 d8f502 11352->11525 11354 d86e44 _free 66 API calls 11353->11354 11355 d922ef 11354->11355 11356 d86e44 _free 66 API calls 11355->11356 11357 d922f7 11356->11357 11358 d86e44 _free 66 API calls 11357->11358 11359 d922ff 11358->11359 11360 d86e44 _free 66 API calls 11359->11360 11361 d92307 11360->11361 11362 d86e44 _free 66 API calls 11361->11362 11363 d9230f 11362->11363 11364 d86e44 _free 66 API calls 11363->11364 11365 d92317 11364->11365 11366 d86e44 _free 66 API calls 11365->11366 11367 d9231e 11366->11367 11368 d86e44 _free 66 API calls 11367->11368 11369 d92326 11368->11369 11370 d86e44 _free 66 API calls 11369->11370 11371 d9232e 11370->11371 11372 d86e44 _free 66 API calls 11371->11372 11373 d92336 11372->11373 11374 d86e44 _free 66 API calls 11373->11374 11375 d9233e 11374->11375 11376 d86e44 _free 66 API calls 11375->11376 11377 d92346 11376->11377 11378 d86e44 _free 66 API calls 11377->11378 11379 d9234e 11378->11379 11380 d86e44 _free 66 API calls 11379->11380 11381 d92356 11380->11381 11382 d86e44 _free 66 API calls 11381->11382 11383 d9235e 11382->11383 11384 d86e44 _free 66 API calls 11383->11384 11385 d92366 11384->11385 11386 d86e44 _free 66 API calls 11385->11386 11387 d92371 11386->11387 11388 d86e44 _free 66 API calls 11387->11388 11389 d92379 11388->11389 11390 d86e44 _free 66 API calls 11389->11390 11391 d92381 11390->11391 11392 d86e44 _free 66 API calls 11391->11392 11393 d92389 11392->11393 11394 d86e44 _free 66 API calls 11393->11394 11395 d92391 11394->11395 11525->11296 11526->11267 11528 d8f6eb _memset 11527->11528 11536 d8f79f 11527->11536 11537 d9289b 11528->11537 11532 d861bd __findfirst64i32 5 API calls 11534 d8f845 11532->11534 11534->11225 11535 d919cb ___crtLCMapStringA 82 API calls 11535->11536 11536->11532 11538 d8a7f5 _LocaleUpdate::_LocaleUpdate 76 API calls 
11537->11538 11539 d928ae 11538->11539 11547 d927b4 11539->11547 11542 d919cb 11543 d8a7f5 _LocaleUpdate::_LocaleUpdate 76 API calls 11542->11543 11544 d919de 11543->11544 11564 d917e4 11544->11564 11548 d927dd MultiByteToWideChar 11547->11548 11549 d927d2 11547->11549 11550 d9280a 11548->11550 11559 d92806 11548->11559 11549->11548 11554 d880e7 _malloc 66 API calls 11550->11554 11558 d9281f _memset __crtGetStringTypeA_stat 11550->11558 11551 d861bd __findfirst64i32 5 API calls 11552 d8f75a 11551->11552 11552->11542 11553 d92858 MultiByteToWideChar 11555 d9287f 11553->11555 11556 d9286e GetStringTypeW 11553->11556 11554->11558 11560 d8fd08 11555->11560 11556->11555 11558->11553 11558->11559 11559->11551 11561 d8fd14 11560->11561 11562 d8fd25 11560->11562 11561->11562 11563 d86e44 _free 66 API calls 11561->11563 11562->11559 11563->11562 11566 d91802 MultiByteToWideChar 11564->11566 11567 d91860 11566->11567 11571 d91867 11566->11571 11568 d861bd __findfirst64i32 5 API calls 11567->11568 11570 d8f77a 11568->11570 11569 d918b4 MultiByteToWideChar 11573 d919ac 11569->11573 11574 d918cd LCMapStringW 11569->11574 11570->11535 11572 d880e7 _malloc 66 API calls 11571->11572 11577 d91880 __crtGetStringTypeA_stat 11571->11577 11572->11577 11575 d8fd08 __freea 66 API calls 11573->11575 11574->11573 11576 d918ec 11574->11576 11575->11567 11578 d918f6 11576->11578 11580 d9191f 11576->11580 11577->11567 11577->11569 11578->11573 11579 d9190a LCMapStringW 11578->11579 11579->11573 11582 d9193a __crtGetStringTypeA_stat 11580->11582 11583 d880e7 _malloc 66 API calls 11580->11583 11581 d9196e LCMapStringW 11584 d91984 WideCharToMultiByte 11581->11584 11585 d919a6 11581->11585 11582->11573 11582->11581 11583->11582 11584->11585 11586 d8fd08 __freea 66 API calls 11585->11586 11586->11573 11588->11229 11590 d8a7f5 _LocaleUpdate::_LocaleUpdate 76 API calls 11589->11590 11591 d9227e 11590->11591 11591->11026 11593 d8adcb EncodePointer 11592->11593 11593->11593 11594 d8ade5 11593->11594 
11594->11033 11598 d8ad26 11595->11598 11597 d8ad6f 11597->11035 11599 d8ad32 __tsopen_nolock 11598->11599 11606 d870d9 11599->11606 11605 d8ad53 __tsopen_nolock 11605->11597 11607 d89e20 __lock 66 API calls 11606->11607 11608 d870e0 11607->11608 11609 d8ac3f DecodePointer DecodePointer 11608->11609 11610 d8ac6d 11609->11610 11611 d8acee 11609->11611 11610->11611 11623 d9049e 11610->11623 11620 d8ad5c 11611->11620 11613 d8acd1 EncodePointer EncodePointer 11613->11611 11614 d8aca3 11614->11611 11617 d89f4a __realloc_crt 70 API calls 11614->11617 11618 d8acbf EncodePointer 11614->11618 11615 d8ac7f 11615->11613 11615->11614 11630 d89f4a 11615->11630 11619 d8acb9 11617->11619 11618->11613 11619->11611 11619->11618 11656 d870e2 11620->11656 11624 d904a9 11623->11624 11625 d904be HeapSize 11623->11625 11626 d8987e __tolower_l 66 API calls 11624->11626 11625->11615 11627 d904ae 11626->11627 11628 d89c96 __tsopen_nolock 11 API calls 11627->11628 11629 d904b9 11628->11629 11629->11615 11634 d89f53 11630->11634 11632 d89f92 11632->11614 11633 d89f73 Sleep 11633->11634 11634->11632 11634->11633 11635 d8f0f7 11634->11635 11636 d8f10d 11635->11636 11637 d8f102 11635->11637 11639 d8f115 11636->11639 11647 d8f122 11636->11647 11638 d880e7 _malloc 66 API calls 11637->11638 11640 d8f10a 11638->11640 11641 d86e44 _free 66 API calls 11639->11641 11640->11634 11653 d8f11d __dosmaperr 11641->11653 11642 d8f15a 11644 d8ac17 _malloc DecodePointer 11642->11644 11643 d8f12a HeapReAlloc 11643->11647 11643->11653 11645 d8f160 11644->11645 11648 d8987e __tolower_l 66 API calls 11645->11648 11646 d8f18a 11650 d8987e __tolower_l 66 API calls 11646->11650 11647->11642 11647->11643 11647->11646 11649 d8ac17 _malloc DecodePointer 11647->11649 11652 d8f172 11647->11652 11648->11653 11649->11647 11651 d8f18f GetLastError 11650->11651 11651->11653 11654 d8987e __tolower_l 66 API calls 11652->11654 11653->11634 11655 d8f177 GetLastError 11654->11655 11655->11653 11659 d89d47 LeaveCriticalSection 
11656->11659 11658 d870e9 11658->11605 11659->11658 11661 d8ab1e _calloc 66 API calls 11660->11661 11662 d87070 11661->11662 11663 d8987e __tolower_l 66 API calls 11662->11663 11666 d81577 11662->11666 11664 d87083 11663->11664 11665 d8987e __tolower_l 66 API calls 11664->11665 11664->11666 11665->11666 11666->11046 11666->11047 11668 d812e6 11667->11668 11669 d812f7 11667->11669 11670 d81860 103 API calls 11668->11670 11669->11051 11671 d812f0 11670->11671 11671->11051 11673 d81316 11672->11673 11674 d81327 11672->11674 11675 d81860 103 API calls 11673->11675 11674->11055 11676 d81320 11675->11676 11676->11055 11679 d86f11 __tsopen_nolock _strnlen 11677->11679 11678 d86f1d 11680 d8987e __tolower_l 66 API calls 11678->11680 11679->11678 11683 d86f49 11679->11683 11681 d86f22 11680->11681 11682 d89c96 __tsopen_nolock 11 API calls 11681->11682 11685 d86f2d __tsopen_nolock 11682->11685 11684 d89e20 __lock 66 API calls 11683->11684 11686 d86f50 11684->11686 11685->11057 11802 d86e7e 11686->11802 11691 d83675 11690->11691 11692 d8367c 11691->11692 11998 d81c30 11691->11998 11692->11061 11694 d83687 11694->11061 11696 d8169c 11695->11696 11698 d83461 11695->11698 11696->11066 11696->11071 11697 d83474 htonl 11697->11698 11698->11696 11698->11697 11699 d81860 103 API calls 11698->11699 11699->11698 11701 d81786 11700->11701 11706 d834c2 11700->11706 11701->11073 11707 d93509 11701->11707 11703 d834f8 htonl 11703->11706 11705 d81860 103 API calls 11705->11706 11706->11701 11706->11703 11706->11705 12752 d82d80 11706->12752 12770 d83220 11706->12770 11708 d93515 __tsopen_nolock 11707->11708 11709 d89e20 __lock 66 API calls 11708->11709 11710 d9351c 11709->11710 13785 d9330c 11710->13785 11714 d9353c __tsopen_nolock 11714->11084 13971 d86a61 11715->13971 11717 d813e3 11718 d86a61 _signal 76 API calls 11717->11718 11719 d813ec 11718->11719 11720 d86a61 _signal 76 API calls 11719->11720 11721 d813f5 11720->11721 11722 d86a61 _signal 76 API calls 11721->11722 11723 d813fe 
GetStartupInfoW 11722->11723 11724 d81443 __flsbuf 11723->11724 11725 d8dbee __fseek_nolock 66 API calls 11724->11725 11726 d81449 11725->11726 14003 d864e6 11726->14003 11728 d8144f __flsbuf 11729 d8dbee __fseek_nolock 66 API calls 11728->11729 11730 d81461 11729->11730 11731 d864e6 __chsize_nolock 66 API calls 11730->11731 11742 d8795e _vswprintf_s 102 API calls 11741->11742 11743 d81893 MessageBoxA 11742->11743 11744 d861bd __findfirst64i32 5 API calls 11743->11744 11745 d8158c 11744->11745 11745->11052 14020 d861d0 11746->14020 11749 d8104c 11750 d81055 11749->11750 11753 d81070 _strrchr 11749->11753 11751 d861bd __findfirst64i32 5 API calls 11750->11751 11752 d81069 11751->11752 11752->11074 11754 d810ea LoadLibraryA GetProcAddress GetProcAddress 11753->11754 11755 d811a5 11754->11755 11758 d81133 11754->11758 11756 d861bd __findfirst64i32 5 API calls 11755->11756 11757 d811c1 11756->11757 11757->11074 11758->11755 11759 d81189 11758->11759 11760 d861bd __findfirst64i32 5 API calls 11759->11760 11761 d8119e 11760->11761 11761->11074 14022 d82310 htonl 11762->14022 11764 d83aeb 11765 d83af2 11764->11765 14038 d82510 11764->14038 11765->11078 11767 d83b07 11767->11765 11775 d861d0 _memset 11774->11775 11776 d8121c GetVersionExA 11775->11776 11777 d8124c LoadLibraryA GetProcAddress GetProcAddress 11776->11777 11778 d81241 11776->11778 11781 d81275 11777->11781 11778->11777 11778->11781 11779 d861bd __findfirst64i32 5 API calls 11780 d812c2 11779->11780 11780->11081 11781->11779 11803 d86e93 11802->11803 11804 d86e97 11802->11804 11808 d86f76 11803->11808 11804->11803 11806 d86ea9 _strlen 11804->11806 11811 d8aa0b 11804->11811 11806->11803 11821 d8a95a 11806->11821 11997 d89d47 LeaveCriticalSection 11808->11997 11810 d86f7d 11810->11685 11818 d8aa8b 11811->11818 11819 d8aa26 11811->11819 11812 d8aa2c WideCharToMultiByte 11812->11818 11812->11819 11813 d89efe __calloc_crt 66 API calls 11813->11819 11814 d8aa4f WideCharToMultiByte 11815 d8aa97 11814->11815 
11814->11819 11816 d86e44 _free 66 API calls 11815->11816 11816->11818 11818->11806 11819->11812 11819->11813 11819->11814 11819->11818 11820 d86e44 _free 66 API calls 11819->11820 11824 d90174 11819->11824 11820->11819 11916 d8a87c 11821->11916 11825 d90189 11824->11825 11826 d9019e 11824->11826 11827 d8987e __tolower_l 66 API calls 11825->11827 11828 d901fc 11826->11828 11872 d92b43 11826->11872 11829 d9018e 11827->11829 11830 d8987e __tolower_l 66 API calls 11828->11830 11832 d89c96 __tsopen_nolock 11 API calls 11829->11832 11861 d90199 11830->11861 11832->11861 11834 d901dd 11836 d9023a 11834->11836 11837 d9020f 11834->11837 11838 d901f3 11834->11838 11836->11861 11875 d900c2 11836->11875 11840 d89eb9 __malloc_crt 66 API calls 11837->11840 11837->11861 11841 d8aa0b ___wtomb_environ 98 API calls 11838->11841 11843 d9021f 11840->11843 11844 d901f8 11841->11844 11843->11836 11850 d89eb9 __malloc_crt 66 API calls 11843->11850 11843->11861 11844->11828 11844->11836 11845 d903a1 11847 d86e44 _free 66 API calls 11845->11847 11846 d90269 11848 d86e44 _free 66 API calls 11846->11848 11847->11861 11849 d90273 11848->11849 11855 d902a0 11849->11855 11856 d90279 _strlen 11849->11856 11850->11836 11851 d902b7 11851->11845 11852 d902dc 11851->11852 11851->11861 11853 d89f98 __recalloc_crt 71 API calls 11852->11853 11859 d902ae 11853->11859 11854 d9037b 11858 d86e44 _free 66 API calls 11854->11858 11854->11861 11887 d89f98 11855->11887 11856->11854 11860 d89efe __calloc_crt 66 API calls 11856->11860 11858->11861 11859->11856 11859->11861 11862 d90324 _strlen 11860->11862 11861->11819 11862->11854 11863 d8aaa2 _strcpy_s 66 API calls 11862->11863 11864 d9033e 11863->11864 11865 d90345 SetEnvironmentVariableA 11864->11865 11866 d90397 11864->11866 11868 d9036f 11865->11868 11869 d90366 11865->11869 11867 d89c44 __invoke_watson 10 API calls 11866->11867 11867->11845 11871 d86e44 _free 66 API calls 11868->11871 11870 d8987e __tolower_l 66 API calls 11869->11870 11870->11868 
14590->14593 14592 d8a084 14592->14569 14593->14592

                                    Control-flow Graph

                                    APIs
                                    • _memset.LIBCMT ref: 00D81548
                                    • _memset.LIBCMT ref: 00D81566
                                    • _calloc.LIBCMT ref: 00D81572
                                    • __wgetenv.LIBCMT ref: 00D815F5
                                      • Part of subcall function 00D81860: _vswprintf_s.LIBCMT ref: 00D8188E
                                      • Part of subcall function 00D81860: MessageBoxA.USER32 ref: 00D818AC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memset$Message__wgetenv_calloc_vswprintf_s
                                    • String ID: Cannot allocate memory for ARCHIVE_STATUS$Cannot open self %s or archive %s$Rx#$_MEIPASS2$_MEIPASS2=
                                    • API String ID: 4037812424-484612367
                                    • Opcode ID: 9a17f6f2f21837df1e289cd4ba84b2bdd63f9e0f0f999a2a07ed177b5ca780d4
                                    • Instruction ID: 02eaa500e1cf152c77bc515c641527e8de33e290772a14b25e98106e50a09713
                                    • Opcode Fuzzy Hash: 9a17f6f2f21837df1e289cd4ba84b2bdd63f9e0f0f999a2a07ed177b5ca780d4
                                    • Instruction Fuzzy Hash: A39105795083419BC720EB749C52BEB77EDAF95340F084A2DF48987242EA32D90EC772

                                    Control-flow Graph

                                    APIs
                                    • htonl.WS2_32(?), ref: 00D82A0D
                                    • _fseek.LIBCMT ref: 00D82A1D
                                    • htonl.WS2_32(?), ref: 00D82A29
                                    • _malloc.LIBCMT ref: 00D82A2F
                                      • Part of subcall function 00D880E7: __FF_MSGBANNER.LIBCMT ref: 00D88100
                                      • Part of subcall function 00D880E7: __NMSG_WRITE.LIBCMT ref: 00D88107
                                      • Part of subcall function 00D880E7: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00D89ECA,?,00000001,?,?,00D89DAB,00000018,00D99828,0000000C,00D89E3B), ref: 00D8812C
                                    • htonl.WS2_32(?), ref: 00D82A59
                                    • __fread_nolock.LIBCMT ref: 00D82A60
                                      • Part of subcall function 00D818D0: _vswprintf_s.LIBCMT ref: 00D818FE
                                      • Part of subcall function 00D818D0: MessageBoxA.USER32 ref: 00D8191C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: htonl$AllocateHeapMessage__fread_nolock_fseek_malloc_vswprintf_s
                                    • String ID: AES$Could not allocate read buffer$Could not read from file$Error decompressing %s$MODE_CFB$block_size$decrypt$new$s#Os#
                                    • API String ID: 3023491457-1385882035
                                    • Opcode ID: 1930296b57c586ff1e5bd2de5dc33fd57c3ad84965075ed15894c51bc23f402d
                                    • Instruction ID: ddcdbf8ea87113aac15f8b89550e455928d946ac7ff31574fe32d551f8aa4dd5
                                    • Opcode Fuzzy Hash: 1930296b57c586ff1e5bd2de5dc33fd57c3ad84965075ed15894c51bc23f402d
                                    • Instruction Fuzzy Hash: DA41C2B16403007FDB10BBB8AC4AE2F37ACEF98765F040515F909D6203E631D91687B5

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    • Could not read from file., xrefs: 00D81D23
                                    • Could not allocate buffer for TOC., xrefs: 00D81CF0
                                    • Error on file, xrefs: 00D81D54
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: htonl$_fseek$__fsopen_malloc
                                    • String ID: Could not allocate buffer for TOC.$Could not read from file.$Error on file
                                    • API String ID: 1981701958-3867088679
                                    • Opcode ID: 32e7d524458674c33acb25f3b3ea440818b8803f25c655c92fcd0ff2d7dfe727
                                    • Instruction ID: e5a72f72804613ab103b0edb98ff1e77ef0f7893517e5565201cb012fc1cfc43
                                    • Opcode Fuzzy Hash: 32e7d524458674c33acb25f3b3ea440818b8803f25c655c92fcd0ff2d7dfe727
                                    • Instruction Fuzzy Hash: C1310DB69007016BD630B779EC86E6B73DCDF94320F144A29F495C7283EA21E44B4771

                                    Control-flow Graph

                                    APIs
                                    • _signal.LIBCMT ref: 00D813DE
                                      • Part of subcall function 00D86A61: __getptd_noexit.LIBCMT ref: 00D86ACB
                                      • Part of subcall function 00D86A61: __malloc_crt.LIBCMT ref: 00D86AEA
                                      • Part of subcall function 00D86A61: _memmove.LIBCMT ref: 00D86B03
                                      • Part of subcall function 00D86A61: _siglookup.LIBCMT ref: 00D86B10
                                    • _signal.LIBCMT ref: 00D813E7
                                      • Part of subcall function 00D86A61: __lock.LIBCMT ref: 00D86B5D
                                      • Part of subcall function 00D86A61: SetConsoleCtrlHandler.KERNEL32(00D86981,00000001,00D99628,00000010,00D813E3,00000016,00000001), ref: 00D86B80
                                      • Part of subcall function 00D86A61: DecodePointer.KERNEL32(00D99628,00000010,00D813E3,00000016,00000001), ref: 00D86BD0
                                      • Part of subcall function 00D86A61: EncodePointer.KERNEL32(?), ref: 00D86BDE
                                    • _signal.LIBCMT ref: 00D813F0
                                      • Part of subcall function 00D86A61: GetLastError.KERNEL32 ref: 00D86B9C
                                      • Part of subcall function 00D86A61: DecodePointer.KERNEL32(00D99628,00000010,00D813E3,00000016,00000001), ref: 00D86BF1
                                      • Part of subcall function 00D86A61: EncodePointer.KERNEL32(?), ref: 00D86BFF
                                    • _signal.LIBCMT ref: 00D813F9
                                      • Part of subcall function 00D86A61: DecodePointer.KERNEL32(00D99628,00000010,00D813E3,00000016,00000001), ref: 00D86C12
                                      • Part of subcall function 00D86A61: EncodePointer.KERNEL32(?), ref: 00D86C20
                                    • GetStartupInfoW.KERNEL32 ref: 00D8141A
                                    • GetCommandLineW.KERNEL32(?,00000000,00000001,00000000,00000000,00000000,?,?), ref: 00D8149B
                                    • CreateProcessW.KERNELBASE(?,00000000), ref: 00D814AA
                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00D814BC
                                    • GetExitCodeProcess.KERNEL32(?), ref: 00D814CB
                                    Strings
                                    • Error creating child process!, xrefs: 00D814D8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Pointer$_signal$DecodeEncode$Process$CodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineObjectSingleStartupWait__getptd_noexit__lock__malloc_crt_memmove_siglookup
                                    • String ID: Error creating child process!
                                    • API String ID: 2611990654-874417334
                                    • Opcode ID: 09dcd99ab409d54b0a52aa3461d2f1518901fa2a13a01a589668912e2994e022
                                    • Instruction ID: 44ddd46a04087acb6a015bfdf7ff323b56eed663ae24be34bae17ffacacf402d
                                    • Opcode Fuzzy Hash: 09dcd99ab409d54b0a52aa3461d2f1518901fa2a13a01a589668912e2994e022
                                    • Instruction Fuzzy Hash: C72141B1908300ABD610BBA58D4AE5F7BE8EF88725F004909F659D72C1DBB5D5058BB2

                                    Control-flow Graph

                                    APIs
                                    • htonl.WS2_32(?), ref: 00D82922
                                    • _malloc.LIBCMT ref: 00D82928
                                      • Part of subcall function 00D880E7: __FF_MSGBANNER.LIBCMT ref: 00D88100
                                      • Part of subcall function 00D880E7: __NMSG_WRITE.LIBCMT ref: 00D88107
                                      • Part of subcall function 00D880E7: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00D89ECA,?,00000001,?,?,00D89DAB,00000018,00D99828,0000000C,00D89E3B), ref: 00D8812C
                                    • htonl.WS2_32 ref: 00D8296F
                                    • htonl.WS2_32(?), ref: 00D82980
                                      • Part of subcall function 00D818D0: _vswprintf_s.LIBCMT ref: 00D818FE
                                      • Part of subcall function 00D818D0: MessageBoxA.USER32 ref: 00D8191C
                                    Strings
                                    • Error %d from inflateInit: %s, xrefs: 00D829EA
                                    • Error %d from inflate: %s, xrefs: 00D829CF
                                    • 1.2.3, xrefs: 00D8298B
                                    • Error allocating decompression buffer, xrefs: 00D82936
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: htonl$AllocateHeapMessage_malloc_vswprintf_s
                                    • String ID: 1.2.3$Error %d from inflate: %s$Error %d from inflateInit: %s$Error allocating decompression buffer
                                    • API String ID: 3538005980-3945257986
                                    • Opcode ID: e3de59179a1d1df34b5da96d4877f48f23d8eef0402c9ae3c22ff037fe99c307
                                    • Instruction ID: e94b7f7608215fd8aa5d9713b107588642d97a79403b71e050596ac283323740
                                    • Opcode Fuzzy Hash: e3de59179a1d1df34b5da96d4877f48f23d8eef0402c9ae3c22ff037fe99c307
                                    • Instruction Fuzzy Hash: 4E2141B9A043006FD700FB659C42E5B77E8EFD4724F44492CF98886252E635D5098BB2

                                    Control-flow Graph

                                    APIs
                                    • GetTempPathA.KERNEL32(00000104,?,?,00000000,?,?,00D82D26,00000000,?,00D82D9E,00D81786,?), ref: 00D8195B
                                    • GetCurrentProcessId.KERNEL32(?,00D82D26,00000000,?,00D82D9E,00D81786,?), ref: 00D81961
                                    • _sprintf.LIBCMT ref: 00D81971
                                    • __tempnam.LIBCMT ref: 00D81986
                                      • Part of subcall function 00D8797B: __mtinitlocknum.LIBCMT ref: 00D87994
                                      • Part of subcall function 00D8797B: __wdupenv_s.LIBCMT ref: 00D879AC
                                      • Part of subcall function 00D8797B: __invoke_watson.LIBCMT ref: 00D879C2
                                      • Part of subcall function 00D8797B: __waccess_s.LIBCMT ref: 00D879DC
                                      • Part of subcall function 00D8797B: _strlen.LIBCMT ref: 00D879FB
                                      • Part of subcall function 00D8797B: _strlen.LIBCMT ref: 00D87A05
                                      • Part of subcall function 00D8797B: _calloc.LIBCMT ref: 00D87A17
                                      • Part of subcall function 00D8797B: _strcat_s.LIBCMT ref: 00D87A34
                                      • Part of subcall function 00D8797B: _strlen.LIBCMT ref: 00D87A47
                                      • Part of subcall function 00D8797B: _strcat_s.LIBCMT ref: 00D87A6E
                                      • Part of subcall function 00D9354E: CreateDirectoryA.KERNELBASE(?,00000000), ref: 00D93558
                                      • Part of subcall function 00D9354E: GetLastError.KERNEL32 ref: 00D93562
                                      • Part of subcall function 00D9354E: __dosmaperr.LIBCMT ref: 00D93571
                                    • _free.LIBCMT ref: 00D8199B
                                      • Part of subcall function 00D86E44: RtlFreeHeap.NTDLL(00000000,00000000,?,00D8A3BA,00000000,?,00D8C5B0,00D81893,00D81893), ref: 00D86E5A
                                      • Part of subcall function 00D86E44: GetLastError.KERNEL32(00000000,?,00D8A3BA,00000000,?,00D8C5B0,00D81893,00D81893), ref: 00D86E6C
                                    • _free.LIBCMT ref: 00D819E3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _strlen$ErrorLast_free_strcat_s$CreateCurrentDirectoryFreeHeapPathProcessTemp__dosmaperr__invoke_watson__mtinitlocknum__tempnam__waccess_s__wdupenv_s_calloc_sprintf
                                    • String ID: _MEI%d
                                    • API String ID: 3791479793-2647977119
                                    • Opcode ID: a410894f0e9d5cbcfb5dfc295f504e9f0b76b8107cc0753ee4744b9bb9302b83
                                    • Instruction ID: fb5bdfb8480a9b0bda8df07f2a39957e650fca6156367779f62b20cfb8a689c3
                                    • Opcode Fuzzy Hash: a410894f0e9d5cbcfb5dfc295f504e9f0b76b8107cc0753ee4744b9bb9302b83
                                    • Instruction Fuzzy Hash: CC1157666043015BC700BB2D9C52DABB7DCEF95750F49016AF496C3202EB21E90A87B2

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    • WARNING: file already exists but should not: %s, xrefs: 00D82CCD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _strtok$__stat64i32
                                    • String ID: WARNING: file already exists but should not: %s
                                    • API String ID: 3667969297-146164175
                                    • Opcode ID: 932eaaa79ca5982f0650feee08c4c968af0993191849b2c98cfcdb39a09e5a5b
                                    • Instruction ID: 516492ceb19139803dd2692a346846bd86265398d20c7642f2dbaae28f6d4e61
                                    • Opcode Fuzzy Hash: 932eaaa79ca5982f0650feee08c4c968af0993191849b2c98cfcdb39a09e5a5b
                                    • Instruction Fuzzy Hash: E33126319083865BCB21BB689855AFFB7E4EF95740F484918F8C5C7205EA71D90D83B2

                                    Control-flow Graph

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                    • String ID:
                                    • API String ID: 4048096073-0
                                    • Opcode ID: 0aa9a3bd5abe33276f7f58df2ca21aacc7c8586512de3a1a93aa204461c8d3bd
                                    • Instruction ID: c3fd8c2509b6e6fba08e2b9dc28d6a30d3e364ebddc079884c112094049b72b9
                                    • Opcode Fuzzy Hash: 0aa9a3bd5abe33276f7f58df2ca21aacc7c8586512de3a1a93aa204461c8d3bd
                                    • Instruction Fuzzy Hash: 1751C671E08306EBCB21AF69C8846AEB7B1EF50320F3846A9F865562D1D770DD50DB70

                                    Control-flow Graph

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                    • String ID:
                                    • API String ID: 2782032738-0
                                    • Opcode ID: c95174d38512f38354fef84e1e188f25f592710cd9fc001e507dfbb42021f1dc
                                    • Instruction ID: 5f367fd56083844a03066ee2b23f5ac8cce7b6bf7d78dafb8759ffb852bae18e
                                    • Opcode Fuzzy Hash: c95174d38512f38354fef84e1e188f25f592710cd9fc001e507dfbb42021f1dc
                                    • Instruction Fuzzy Hash: E841D371A016049BDF24AFA9C8846AEBBB5FFC0360F68852DE45587184DF70ED41EB70

                                    Control-flow Graph

                                    Strings
                                    • %s could not be extracted!, xrefs: 00D82DC5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: htonl$_fseek_malloc
                                    • String ID: %s could not be extracted!
                                    • API String ID: 3840558997-3780421038
                                    • Opcode ID: 18c4656ead19592db59c251dc95681cfb4499ef8199ebf09ad93e74f42cab1db
                                    • Instruction ID: ed8fb316479258089cd08dd077e5b5e2b94f463707adc7d78b418c3649b950e0
                                    • Opcode Fuzzy Hash: 18c4656ead19592db59c251dc95681cfb4499ef8199ebf09ad93e74f42cab1db
                                    • Instruction Fuzzy Hash: 9001F7B3A011042BC610BA74AC86C7FB79CEE82371F240A1AF91596682DA15A80653F1

                                    Control-flow Graph

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __fread_nolock_fseek
                                    • String ID:
                                    • API String ID: 1652913822-0
                                    • Opcode ID: e68b8c8079a71e3fffbcd88c3336aa5edb79f2e207a1ab5f955c7ac30efad5e5
                                    • Instruction ID: 5b71fb1e90f4723ecab6ebbf084633482ca7959626a72df0b91495b06c6a6fab
                                    • Opcode Fuzzy Hash: e68b8c8079a71e3fffbcd88c3336aa5edb79f2e207a1ab5f955c7ac30efad5e5
                                    • Instruction Fuzzy Hash: ABF0E97264820036D610B57CBC42FBA3398EFD2730F154B49F964962C1EB50D88697B1

                                    Control-flow Graph

                                    APIs
                                    • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00D93558
                                    • GetLastError.KERNEL32 ref: 00D93562
                                    • __dosmaperr.LIBCMT ref: 00D93571
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: CreateDirectoryErrorLast__dosmaperr
                                    • String ID:
                                    • API String ID: 42539052-0
                                    • Opcode ID: 971bf162f7b71564cdc1d5b26494f793289de9382b3cc12c5b463cfc0f1fe0c9
                                    • Instruction ID: a34b1b95234c1f8f1e3d844548e8bd59dfa8094110dfb017ccab64016afd0d2e
                                    • Opcode Fuzzy Hash: 971bf162f7b71564cdc1d5b26494f793289de9382b3cc12c5b463cfc0f1fe0c9
                                    • Instruction Fuzzy Hash: BBD05E3120430566DF602AB9AC08B273FAC9B84778B190521F61DCA1D1EE22CA218531

                                    Control-flow Graph

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __lock_file_memset
                                    • String ID:
                                    • API String ID: 26237723-0
                                    • Opcode ID: 283d2a1c56ae1b2fd519852876d5e2389959abe993b4be599c8f1f71f721c6d2
                                    • Instruction ID: 53b61664ad0258de47d352f46de977cd3d9004983143f8b9688a80005ad88fb0
                                    • Opcode Fuzzy Hash: 283d2a1c56ae1b2fd519852876d5e2389959abe993b4be599c8f1f71f721c6d2
                                    • Instruction Fuzzy Hash: 8D011A71805219EBCF22BFA6C8024AEBF71EF04761F148115F968161A2D731CA62EFF1

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 00D8987E: __getptd_noexit.LIBCMT ref: 00D8987E
                                    • __lock_file.LIBCMT ref: 00D88AF2
                                      • Part of subcall function 00D86885: __lock.LIBCMT ref: 00D868AA
                                    • __fclose_nolock.LIBCMT ref: 00D88AFD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                    • String ID:
                                    • API String ID: 2800547568-0
                                    • Opcode ID: 945e9d442cc901f749e024e6de59e20cbcdacd76c43a50d003759939f3035b62
                                    • Instruction ID: d73497d9937c79b335c08d88f154175e4ba43d12deac5e8a389f64874d1e98b0
                                    • Opcode Fuzzy Hash: 945e9d442cc901f749e024e6de59e20cbcdacd76c43a50d003759939f3035b62
                                    • Instruction Fuzzy Hash: 40F090709017059AD725BBB9C8127AEBAE0EF01331F648309B4A5AA0D1CF788A01AB75

                                    Control-flow Graph

                                    APIs
                                    • __lock_file.LIBCMT ref: 00D8833F
                                    • __ftell_nolock.LIBCMT ref: 00D8834C
                                      • Part of subcall function 00D8987E: __getptd_noexit.LIBCMT ref: 00D8987E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __ftell_nolock__getptd_noexit__lock_file
                                    • String ID:
                                    • API String ID: 2999321469-0
                                    • Opcode ID: fd11047db5725937561792b1dfec813758591c355fcf12bb2a793b5243cac162
                                    • Instruction ID: 88572e435501c1bce1ff01420988db3cc72728880607554e8ff38e2848209df6
                                    • Opcode Fuzzy Hash: fd11047db5725937561792b1dfec813758591c355fcf12bb2a793b5243cac162
                                    • Instruction Fuzzy Hash: F8F03070901209EADB11BFB8D8126ADBAB1EF00761F648225B055D90F1CF758542AB31
                                    APIs
                                    • __lock.LIBCMT ref: 00D93517
                                      • Part of subcall function 00D89E20: __mtinitlocknum.LIBCMT ref: 00D89E36
                                      • Part of subcall function 00D89E20: __amsg_exit.LIBCMT ref: 00D89E42
                                      • Part of subcall function 00D89E20: EnterCriticalSection.KERNEL32(?,?,?,00D8A2E6,0000000D,?,00D8C5B0,00D81893,00D81893,?), ref: 00D89E4A
                                    • __putenv_helper.LIBCMT ref: 00D93526
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: CriticalEnterSection__amsg_exit__lock__mtinitlocknum__putenv_helper
                                    • String ID:
                                    • API String ID: 3478967859-0
                                    • Opcode ID: d3ca1b8d772e7269734ea57adcc870fe41c0ee79af99389fa8df3117fcc850aa
                                    • Instruction ID: c0143e19d76143de2d0d23ff0e49a755cbf72608f606793cd96b91a2d9af56be
                                    • Opcode Fuzzy Hash: d3ca1b8d772e7269734ea57adcc870fe41c0ee79af99389fa8df3117fcc850aa
                                    • Instruction Fuzzy Hash: 36E01271945308AAEF15FBE4DC13B9DFBA1EF40721F204109B054690D1CF785641DB39
                                    APIs
                                    • __lock.LIBCMT ref: 00D91695
                                      • Part of subcall function 00D89E20: __mtinitlocknum.LIBCMT ref: 00D89E36
                                      • Part of subcall function 00D89E20: __amsg_exit.LIBCMT ref: 00D89E42
                                      • Part of subcall function 00D89E20: EnterCriticalSection.KERNEL32(?,?,?,00D8A2E6,0000000D,?,00D8C5B0,00D81893,00D81893,?), ref: 00D89E4A
                                    • __tzset_nolock.LIBCMT ref: 00D916A6
                                      • Part of subcall function 00D90F9C: __lock.LIBCMT ref: 00D90FBE
                                      • Part of subcall function 00D90F9C: ____lc_codepage_func.LIBCMT ref: 00D91005
                                      • Part of subcall function 00D90F9C: __getenv_helper_nolock.LIBCMT ref: 00D91027
                                      • Part of subcall function 00D90F9C: _free.LIBCMT ref: 00D9105E
                                      • Part of subcall function 00D90F9C: _strlen.LIBCMT ref: 00D91065
                                      • Part of subcall function 00D90F9C: __malloc_crt.LIBCMT ref: 00D9106C
                                      • Part of subcall function 00D90F9C: _strlen.LIBCMT ref: 00D91082
                                      • Part of subcall function 00D90F9C: _strcpy_s.LIBCMT ref: 00D91090
                                      • Part of subcall function 00D90F9C: __invoke_watson.LIBCMT ref: 00D910A5
                                      • Part of subcall function 00D90F9C: _free.LIBCMT ref: 00D910B4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                    • String ID:
                                    • API String ID: 1828324828-0
                                    • Opcode ID: 1111b7466079ca46823ddb716cceb1183a8df99763743436e71bca524a42e8b9
                                    • Instruction ID: 7d0bb078cc934b25ec5444108f5150113c9cf259813b6abacd604636121b0fed
                                    • Opcode Fuzzy Hash: 1111b7466079ca46823ddb716cceb1183a8df99763743436e71bca524a42e8b9
                                    • Instruction Fuzzy Hash: 1EE0EC34A827269ADB32BFA5A81295CF562EF14B22B18525AB491651D2CB700541CFB1
                                    APIs
                                    • __lock_file.LIBCMT ref: 00D88CB5
                                      • Part of subcall function 00D8987E: __getptd_noexit.LIBCMT ref: 00D8987E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __getptd_noexit__lock_file
                                    • String ID:
                                    • API String ID: 2597487223-0
                                    • Opcode ID: 282b57f2f01fe54c05b0c6217c3bce4de93d933b6403c6ff4f2e3e57a3a26a03
                                    • Instruction ID: c62e096f101bfc8a773db1c2c439900beaaa67669a9a450e50c1f329a8cf22a6
                                    • Opcode Fuzzy Hash: 282b57f2f01fe54c05b0c6217c3bce4de93d933b6403c6ff4f2e3e57a3a26a03
                                    • Instruction Fuzzy Hash: 15F062B0802219EBCF12BFA4CD025AEBBB1EF40711F448515F4545A099CB358960EBB1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __fsopen
                                    • String ID:
                                    • API String ID: 3646066109-0
                                    • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                    • Instruction ID: f30ecca890138846d01156bb9593228b8b09640a3c11b6f0524dac76dfdb7798
                                    • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                    • Instruction Fuzzy Hash: 77C09B7244010C77CF113982DC02F493F19D7C1770F454020FB1C191719973F5619695
                                    APIs
                                    • _malloc.LIBCMT ref: 00D8530A
                                      • Part of subcall function 00D880E7: __FF_MSGBANNER.LIBCMT ref: 00D88100
                                      • Part of subcall function 00D880E7: __NMSG_WRITE.LIBCMT ref: 00D88107
                                      • Part of subcall function 00D880E7: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00D89ECA,?,00000001,?,?,00D89DAB,00000018,00D99828,0000000C,00D89E3B), ref: 00D8812C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: AllocateHeap_malloc
                                    • String ID:
                                    • API String ID: 501242067-0
                                    • Opcode ID: a035530523da1a67c64debc39f0330fb4e34a65853a646a4061be260777e27a8
                                    • Instruction ID: 0e762936da8b9a5bea3f42ba4f5aaa8ebe5f7f3767f0cfc5194249b6ad8bc2ee
                                    • Opcode Fuzzy Hash: a035530523da1a67c64debc39f0330fb4e34a65853a646a4061be260777e27a8
                                    • Instruction Fuzzy Hash: 64B012B78043016BC504E650E58280BB7D8EEE0340FC0C814F04886021D535E1089723
                                    APIs
                                    • _free.LIBCMT ref: 00D85325
                                      • Part of subcall function 00D86E44: RtlFreeHeap.NTDLL(00000000,00000000,?,00D8A3BA,00000000,?,00D8C5B0,00D81893,00D81893), ref: 00D86E5A
                                      • Part of subcall function 00D86E44: GetLastError.KERNEL32(00000000,?,00D8A3BA,00000000,?,00D8C5B0,00D81893,00D81893), ref: 00D86E6C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorFreeHeapLast_free
                                    • String ID:
                                    • API String ID: 1353095263-0
                                    • Opcode ID: ac96e76b54c773f91363d59c58b5a41ffc530ba00e5e18476c3da74724b098b0
                                    • Instruction ID: 7004e760fba365144f450c89d0df3d6ca4eca89c0f5ccdf7cec01e02161346c5
                                    • Opcode Fuzzy Hash: ac96e76b54c773f91363d59c58b5a41ffc530ba00e5e18476c3da74724b098b0
                                    • Instruction Fuzzy Hash: D9A002AA605601A68906B7B4D445C4B6798DA84261B248849B14686851CA34D8909735
                                    APIs
                                    • GetProcAddress.KERNEL32(00D823CC,Py_FrozenFlag), ref: 00D81DB2
                                    • GetProcAddress.KERNEL32(00D823CC,Py_NoSiteFlag), ref: 00D81DD6
                                      • Part of subcall function 00D81860: _vswprintf_s.LIBCMT ref: 00D8188E
                                      • Part of subcall function 00D81860: MessageBoxA.USER32 ref: 00D818AC
                                    Strings
                                    • PyEval_InitThreads, xrefs: 00D821B6
                                    • Py_IncRef, xrefs: 00D81E84
                                    • PyFile_FromString, xrefs: 00D8202A
                                    • Cannot GetProcAddress for PyImport_ExecCodeModule, xrefs: 00D81EAF
                                    • Cannot GetProcAddress for PyFile_FromString, xrefs: 00D8203B
                                    • PyEval_AcquireThread, xrefs: 00D821DA
                                    • Py_FrozenFlag, xrefs: 00D81DAC
                                    • PyModule_GetDict, xrefs: 00D82096
                                    • Cannot GetProcAddress for PyModule_GetDict, xrefs: 00D820A7
                                    • Cannot GetProcAddress for PySys_SetObject, xrefs: 00D822C3
                                    • PyErr_Occurred, xrefs: 00D82102
                                    • Cannot GetProcAddress for PySys_SetArgv, xrefs: 00D81F1B
                                    • PyEval_ReleaseThread, xrefs: 00D821FE
                                    • PyDict_GetItemString, xrefs: 00D820BA
                                    • PyString_AsString, xrefs: 00D8204E
                                    • Py_VerboseFlag, xrefs: 00D81E18
                                    • Py_Finalize, xrefs: 00D81E60
                                    • PyObject_CallFunction, xrefs: 00D82072
                                    • PyImport_AddModule, xrefs: 00D81F76
                                    • Cannot GetProcAddress for PySys_AddWarnOption, xrefs: 00D821A3
                                    • Cannot GetProcAddress for PyEval_InitThreads, xrefs: 00D821C7
                                    • PyObject_CallObject, xrefs: 00D8214A
                                    • PyList_New, xrefs: 00D81FBE
                                    • PySys_AddWarnOption, xrefs: 00D82192
                                    • PyInt_AsLong, xrefs: 00D8228E
                                    • Cannot GetProcAddress for Py_OptimizeFlag, xrefs: 00D81E05
                                    • Cannot GetProcAddress for PyThreadState_Swap, xrefs: 00D82233
                                    • Cannot GetProcAddress for PyObject_SetAttrString, xrefs: 00D81FAB
                                    • Cannot GetProcAddress for PyEval_AcquireThread, xrefs: 00D821EB
                                    • PyList_Append, xrefs: 00D81FE2
                                    • Py_OptimizeFlag, xrefs: 00D81DF4
                                    • Cannot GetProcAddress for PyObject_CallMethod, xrefs: 00D8217F
                                    • Cannot GetProcAddress for PyErr_Print, xrefs: 00D82137
                                    • Cannot GetProcAddress for Py_BuildValue, xrefs: 00D82017
                                    • PyObject_CallMethod, xrefs: 00D8216E
                                    • Cannot GetProcAddress for Py_Initialize, xrefs: 00D81E4D
                                    • PyThreadState_Swap, xrefs: 00D82222
                                    • Cannot GetProcAddress for PyObject_CallFunction, xrefs: 00D82083
                                    • Cannot GetProcAddress for PyErr_Occurred, xrefs: 00D82113
                                    • PyImport_ExecCodeModule, xrefs: 00D81E99
                                    • Cannot GetProcAddress for Py_NoSiteFlag, xrefs: 00D81DE1
                                    • Cannot GetProcAddress for PyObject_CallObject, xrefs: 00D8215B
                                    • PyErr_Print, xrefs: 00D82126
                                    • Cannot GetProcAddress for Py_VerboseFlag, xrefs: 00D81E29
                                    • PyRun_SimpleString, xrefs: 00D81EC2
                                    • Cannot GetProcAddress for PyErr_Clear, xrefs: 00D820EF
                                    • Cannot GetProcAddress for PyString_FromStringAndSize, xrefs: 00D81EF7
                                    • Py_Initialize, xrefs: 00D81E3C
                                    • Py_EndInterpreter, xrefs: 00D8226A
                                    • Cannot GetProcAddress for PyString_AsString, xrefs: 00D8205F
                                    • Cannot GetProcAddress for Py_Finalize, xrefs: 00D81E71
                                    • Cannot GetProcAddress for PyDict_GetItemString, xrefs: 00D820CB
                                    • Py_BuildValue, xrefs: 00D82006
                                    • Cannot GetProcAddress for PyEval_ReleaseThread, xrefs: 00D8220F
                                    • Cannot GetProcAddress for PyRun_SimpleString, xrefs: 00D81ED3
                                    • Cannot GetProcAddress for Py_SetProgramName, xrefs: 00D81F3F
                                    • PySys_SetObject, xrefs: 00D822B2
                                    • Cannot GetProcAddress for Py_NewInterpreter, xrefs: 00D82257
                                    • PyErr_Clear, xrefs: 00D820DE
                                    • Cannot GetProcAddress for PyImport_ImportModule, xrefs: 00D81F63
                                    • Cannot GetProcAddress for PyList_Append, xrefs: 00D81FF3
                                    • PySys_SetArgv, xrefs: 00D81F0A
                                    • Cannot GetProcAddress for PyInt_AsLong, xrefs: 00D8229F
                                    • Cannot GetProcAddress for PyImport_AddModule, xrefs: 00D81F87
                                    • Py_NewInterpreter, xrefs: 00D82246
                                    • Py_DecRef, xrefs: 00D81E8C
                                    • Cannot GetProcAddress for PyList_New, xrefs: 00D81FCF
                                    • Cannot GetProcAddress for Py_FrozenFlag, xrefs: 00D81DBD
                                    • Py_NoSiteFlag, xrefs: 00D81DD0
                                    • PyString_FromStringAndSize, xrefs: 00D81EE6
                                    • Cannot GetProcAddress for Py_EndInterpreter, xrefs: 00D8227B
                                    • Py_SetProgramName, xrefs: 00D81F2E
                                    • PyImport_ImportModule, xrefs: 00D81F52
                                    • PyObject_SetAttrString, xrefs: 00D81F9A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: AddressProc$Message_vswprintf_s
                                    • String ID: Cannot GetProcAddress for PyDict_GetItemString$Cannot GetProcAddress for PyErr_Clear$Cannot GetProcAddress for PyErr_Occurred$Cannot GetProcAddress for PyErr_Print$Cannot GetProcAddress for PyEval_AcquireThread$Cannot GetProcAddress for PyEval_InitThreads$Cannot GetProcAddress for PyEval_ReleaseThread$Cannot GetProcAddress for PyFile_FromString$Cannot GetProcAddress for PyImport_AddModule$Cannot GetProcAddress for PyImport_ExecCodeModule$Cannot GetProcAddress for PyImport_ImportModule$Cannot GetProcAddress for PyInt_AsLong$Cannot GetProcAddress for PyList_Append$Cannot GetProcAddress for PyList_New$Cannot GetProcAddress for PyModule_GetDict$Cannot GetProcAddress for PyObject_CallFunction$Cannot GetProcAddress for PyObject_CallMethod$Cannot GetProcAddress for PyObject_CallObject$Cannot GetProcAddress for PyObject_SetAttrString$Cannot GetProcAddress for PyRun_SimpleString$Cannot GetProcAddress for PyString_AsString$Cannot GetProcAddress for PyString_FromStringAndSize$Cannot GetProcAddress for PySys_AddWarnOption$Cannot GetProcAddress for PySys_SetArgv$Cannot GetProcAddress for PySys_SetObject$Cannot GetProcAddress for PyThreadState_Swap$Cannot GetProcAddress for Py_BuildValue$Cannot GetProcAddress for Py_EndInterpreter$Cannot GetProcAddress for Py_Finalize$Cannot GetProcAddress for Py_FrozenFlag$Cannot GetProcAddress for Py_Initialize$Cannot GetProcAddress for Py_NewInterpreter$Cannot GetProcAddress for Py_NoSiteFlag$Cannot GetProcAddress for Py_OptimizeFlag$Cannot GetProcAddress for Py_SetProgramName$Cannot GetProcAddress for Py_VerboseFlag$PyDict_GetItemString$PyErr_Clear$PyErr_Occurred$PyErr_Print$PyEval_AcquireThread$PyEval_InitThreads$PyEval_ReleaseThread$PyFile_FromString$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyInt_AsLong$PyList_Append$PyList_New$PyModule_GetDict$PyObject_CallFunction$PyObject_CallMethod$PyObject_CallObject$PyObject_SetAttrString$PyRun_SimpleString$PyString_AsString$PyString_FromStringAndSize$PySys_AddWarnOption$PySys_SetArgv$PySys_SetObject$PyThreadState_Swap$Py_BuildValue$Py_DecRef$Py_EndInterpreter$Py_Finalize$Py_FrozenFlag$Py_IncRef$Py_Initialize$Py_NewInterpreter$Py_NoSiteFlag$Py_OptimizeFlag$Py_SetProgramName$Py_VerboseFlag
                                    • API String ID: 988486224-3415648215
                                    • Opcode ID: 264f00a430acad57a0d69409fbbbc89874aa297bf708e9e6757517b58a58f63c
                                    • Instruction ID: f43a5f7ecd445c6b80706779df34eb7a321f30c352257fb8a7a48654ad92d146
                                    • Opcode Fuzzy Hash: 264f00a430acad57a0d69409fbbbc89874aa297bf708e9e6757517b58a58f63c
                                    • Instruction Fuzzy Hash: 4FD1E3B6A54716698B1137BE7C07D8A729C4FA1778B051333F425D02E3FB90C58B46BA
                                    APIs
                                    • _memset.LIBCMT ref: 00D81028
                                    • GetVersionExA.KERNEL32 ref: 00D8103D
                                    • _strrchr.LIBCMT ref: 00D8108D
                                    • _strrchr.LIBCMT ref: 00D8109C
                                    • LoadLibraryA.KERNEL32(kernel32,?,?,?,?), ref: 00D8110C
                                    • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 00D81120
                                    • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 00D8112A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: AddressProc_strrchr$LibraryLoadVersion_memset
                                    • String ID: $.manifest$ActivateActCtx$CreateActCtxA$kernel32
                                    • API String ID: 2635623052-584618098
                                    • Opcode ID: a3bca8def20de53727b182e5176b2e0763e8f5061cc4abb97d922cc5169b838d
                                    • Instruction ID: 22b6433d06d18ad2bae68461a20fd43b7d38213ad926ac1f8e281a8dc61f2c66
                                    • Opcode Fuzzy Hash: a3bca8def20de53727b182e5176b2e0763e8f5061cc4abb97d922cc5169b838d
                                    • Instruction Fuzzy Hash: A241F3749043418FD720EF28D815BABBBE4EF89350F044A1EE499D3291E731D84ACBA2
                                    APIs
                                    • IsDebuggerPresent.KERNEL32 ref: 00D89476
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D8948B
                                    • UnhandledExceptionFilter.KERNEL32(00D97C8C), ref: 00D89496
                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00D894B2
                                    • TerminateProcess.KERNEL32(00000000), ref: 00D894B9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                    • String ID:
                                    • API String ID: 2579439406-0
                                    • Opcode ID: 59bf466a734dc6b4271dd8cadb2aed0f216c15006f84b741997a376c50e9fc8b
                                    • Instruction ID: 34e8c7769c837df2a128df31758e9b3f39d14f97e08fe9dd0d082a8e1587a772
                                    • Opcode Fuzzy Hash: 59bf466a734dc6b4271dd8cadb2aed0f216c15006f84b741997a376c50e9fc8b
                                    • Instruction Fuzzy Hash: 9C21AEB4A253049FC710DFA8F9A9A647BA4FB48314F91601BE608C7361E7B069858F76
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memmove
                                    • String ID:
                                    • API String ID: 4104443479-0
                                    • Opcode ID: 890c59bad751d85dd40b10a40575852bbd1ff290ade9b0be206d7058d3ae6801
                                    • Instruction ID: 005d76b5a4b21a439da5a7ac7ad9a25bb4e5b3781132cfa81785eb9aadec915f
                                    • Opcode Fuzzy Hash: 890c59bad751d85dd40b10a40575852bbd1ff290ade9b0be206d7058d3ae6801
                                    • Instruction Fuzzy Hash: 96329B706047029FD718EF29C89472AB7E1FF88304F184A2DE8998B785D375E995CBE1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @
                                    • API String ID: 0-2766056989
                                    • Opcode ID: e73b3070bc9b0e634a493e5109061ca4863c73e2ef62bcb2859a60e216587366
                                    • Instruction ID: 1f8322b2dcbc3390ec240bdac538106086378181d5dc9c370c363e220d1bd38b
                                    • Opcode Fuzzy Hash: e73b3070bc9b0e634a493e5109061ca4863c73e2ef62bcb2859a60e216587366
                                    • Instruction Fuzzy Hash: 80E17A75A087418FC724EF28E08066AB7F1FF98314F58492EE4D687354E775E849CBA2
                                    APIs
                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0000EAA1), ref: 00D8EAE8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled
                                    • String ID:
                                    • API String ID: 3192549508-0
                                    • Opcode ID: be798386f9090064e84bd5715d200e6b8d6564182b400029e28a162ff0b4a1a5
                                    • Instruction ID: 4a1c1333b8521d25445689c539db883f037fc2b5b9ab03fe09984d4417166700
                                    • Opcode Fuzzy Hash: be798386f9090064e84bd5715d200e6b8d6564182b400029e28a162ff0b4a1a5
                                    • Instruction Fuzzy Hash: B59002A42923005E461427715D0D90526906F68A1275104516245C8156DA5040055A71
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e1efc100b843b5fd683f0801d57041bb2377eee2a32359c9393f9e4aac316b02
                                    • Instruction ID: 2d8b643f294d0f3c79bc842960a20cd1a22ebd57bcd26920526d52cece5fc3ab
                                    • Opcode Fuzzy Hash: e1efc100b843b5fd683f0801d57041bb2377eee2a32359c9393f9e4aac316b02
                                    • Instruction Fuzzy Hash: 4D52D270A04B139BC708DF15D89066AB7E2FFC8304F18862DE8964BB88D775E915CBE1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0b36d54bb9616d8822f02b25a529ecd55a7919e59a0cf36b6ade3b5657bc5fd9
                                    • Instruction ID: 3c5f605543f8271e913d82eb3726be6b7bc8cb6411d731bc41823bf21d3b866f
                                    • Opcode Fuzzy Hash: 0b36d54bb9616d8822f02b25a529ecd55a7919e59a0cf36b6ade3b5657bc5fd9
                                    • Instruction Fuzzy Hash: DBE1F530608B518FC708DF28D88056AFBE2EFC5310F588A6DE8D58B34AD775D94ACB61
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 25e7aff7d104da4b7c682abd5cd5c4557f9319d091974751c7075aa7a9b67942
                                    • Instruction ID: cefb34c1dc04bb684d45c99984895052c37ad1efaff6b82563ce4a056a9a5517
                                    • Opcode Fuzzy Hash: 25e7aff7d104da4b7c682abd5cd5c4557f9319d091974751c7075aa7a9b67942
                                    • Instruction Fuzzy Hash: 40611D36655BA34BE351CEEDFCC07263352E789301F198572CA00C77AAD639E96397A0
                                    APIs
                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00D892CE), ref: 00D8A51A
                                    • __mtterm.LIBCMT ref: 00D8A526
                                      • Part of subcall function 00D8A25F: DecodePointer.KERNEL32(00000004,00D8A688,?,00D892CE), ref: 00D8A270
                                      • Part of subcall function 00D8A25F: TlsFree.KERNEL32(00000003,00D8A688,?,00D892CE), ref: 00D8A28A
                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00D8A53C
                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00D8A549
                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00D8A556
                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00D8A563
                                    • TlsAlloc.KERNEL32(?,00D892CE), ref: 00D8A5B3
                                    • TlsSetValue.KERNEL32(00000000,?,00D892CE), ref: 00D8A5CE
                                    • __init_pointers.LIBCMT ref: 00D8A5D8
                                    • EncodePointer.KERNEL32(?,00D892CE), ref: 00D8A5E9
                                    • EncodePointer.KERNEL32(?,00D892CE), ref: 00D8A5F6
                                    • EncodePointer.KERNEL32(?,00D892CE), ref: 00D8A603
                                    • EncodePointer.KERNEL32(?,00D892CE), ref: 00D8A610
                                    • DecodePointer.KERNEL32(00D8A3E3,?,00D892CE), ref: 00D8A631
                                    • __calloc_crt.LIBCMT ref: 00D8A646
                                    • DecodePointer.KERNEL32(00000000,?,00D892CE), ref: 00D8A660
                                    • __initptd.LIBCMT ref: 00D8A66B
                                    • GetCurrentThreadId.KERNEL32 ref: 00D8A672
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Pointer$AddressEncodeProc$Decode$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                    • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                    • API String ID: 3732613303-3819984048
                                    • Opcode ID: a397c6bdcf3c5f8bd1eb152b0f806b834974328ac77914d513dee0fea8b59168
                                    • Instruction ID: a2b25ac181352b8299536fa11c503fa5ada07aebdf63ff06bf4c9bbfd8f89077
                                    • Opcode Fuzzy Hash: a397c6bdcf3c5f8bd1eb152b0f806b834974328ac77914d513dee0fea8b59168
                                    • Instruction Fuzzy Hash: 8C316D319143119FDB21BBFABD19A1A3BA4EB44760719161BE414D33B0EB708841CF71
                                    APIs
                                      • Part of subcall function 00D82E10: _strtok.LIBCMT ref: 00D82E43
                                      • Part of subcall function 00D82E10: _strtok.LIBCMT ref: 00D82E61
                                    • _free.LIBCMT ref: 00D83289
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _strtok$_free
                                    • String ID: %s%s$%s%s.exe$%s%s.pkg$%s../%s/%s$%s/%s/%s$Archive not found: %s$Error coping %s$Error extracting %s
                                    • API String ID: 2839329321-3929896450
                                    • Opcode ID: 7b4117786bc01d77c54c408be093fae433a3d652f185da1b4302f0b19db5b4e9
                                    • Instruction ID: def36500c7c03cf8a6544df05cdf85039b272495a7ae67657812ca664361051b
                                    • Opcode Fuzzy Hash: 7b4117786bc01d77c54c408be093fae433a3d652f185da1b4302f0b19db5b4e9
                                    • Instruction Fuzzy Hash: E251C9B16002456BD724F664EC86FBF7398EF84724F440A28F55D921C6EB34EA0A8773
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _sprintf
                                    • String ID: Error detected starting Python VM.$PYTHONHOME=$PYTHONPATH=$argv$del sys.path[:]$import sys$sys$sys.path.append(r"%s")
                                    APIs
                                    • htonl.WS2_32(?), ref: 00D8286E
                                    • _malloc.LIBCMT ref: 00D8288D
                                    • _sprintf.LIBCMT ref: 00D8289C
                                    • _free.LIBCMT ref: 00D828BB
                                    • _free.LIBCMT ref: 00D828C5
                                      • Part of subcall function 00D86E44: RtlFreeHeap.NTDLL(00000000,00000000,?,00D8A3BA,00000000,?,00D8C5B0,00D81893,00D81893), ref: 00D86E5A
                                      • Part of subcall function 00D86E44: GetLastError.KERNEL32(00000000,?,00D8A3BA,00000000,?,00D8C5B0,00D81893,00D81893), ref: 00D86E6C
                                    • htonl.WS2_32 ref: 00D828D4
                                    Strings
                                    • Cannot read Table of Contents., xrefs: 00D828E0
                                    • Error in command: %s, xrefs: 00D828B0
                                    • sys.path.append(r"%s?%d"), xrefs: 00D82896
                                    Similarity
                                    • API ID: _freehtonl$ErrorFreeHeapLast_malloc_sprintf
                                    • String ID: Cannot read Table of Contents.$Error in command: %s$sys.path.append(r"%s?%d")
                                    APIs
                                    • _memset.LIBCMT ref: 00D81217
                                    • GetVersionExA.KERNEL32(00000094), ref: 00D81230
                                    • LoadLibraryA.KERNEL32(kernel32), ref: 00D81251
                                    • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 00D81265
                                    • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 00D8126F
                                    Strings
                                    Similarity
                                    • API ID: AddressProc$LibraryLoadVersion_memset
                                    • String ID: DeactivateActCtx$ReleaseActCtx$kernel32
                                    APIs
                                    • htonl.WS2_32(?), ref: 00D82332
                                    • _sprintf.LIBCMT ref: 00D8234B
                                    • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,?,?,00000000), ref: 00D82362
                                    • _sprintf.LIBCMT ref: 00D8237A
                                      • Part of subcall function 00D87BE6: __output_l.LIBCMT ref: 00D87C41
                                    • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,?,?,?,?,?,?,00000000), ref: 00D8238B
                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00D82391
                                      • Part of subcall function 00D81860: _vswprintf_s.LIBCMT ref: 00D8188E
                                      • Part of subcall function 00D81860: MessageBoxA.USER32 ref: 00D818AC
                                    Strings
                                    Similarity
                                    • API ID: LibraryLoad_sprintf$ErrorLastMessage__output_l_vswprintf_shtonl
                                    • String ID: %spython%02d.dll$Error loading Python DLL: %s (error code %d)
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: htonl$_free
                                    • String ID: Cannot read Table of Contents.$loads$marshal$mod is NULL - %s
                                    APIs
                                    Similarity
                                    • API ID: __fread_nolock_fseek$__fseek_nolock__lock_file
                                    • String ID:
                                    APIs
                                    • htonl.WS2_32(00000000), ref: 00D83614
                                      • Part of subcall function 00D82A00: htonl.WS2_32(?), ref: 00D82A0D
                                      • Part of subcall function 00D82A00: _fseek.LIBCMT ref: 00D82A1D
                                      • Part of subcall function 00D82A00: htonl.WS2_32(?), ref: 00D82A29
                                      • Part of subcall function 00D82A00: _malloc.LIBCMT ref: 00D82A2F
                                    • _free.LIBCMT ref: 00D83604
                                    Strings
                                    Similarity
                                    • API ID: htonl$_free_fseek_malloc
                                    • String ID: .py$Cannot read Table of Contents.$__file__$__main__
                                    APIs
                                    • __getptd.LIBCMT ref: 00D8F853
                                      • Part of subcall function 00D8A3C9: __getptd_noexit.LIBCMT ref: 00D8A3CC
                                      • Part of subcall function 00D8A3C9: __amsg_exit.LIBCMT ref: 00D8A3D9
                                    • __amsg_exit.LIBCMT ref: 00D8F873
                                    • __lock.LIBCMT ref: 00D8F883
                                    • InterlockedDecrement.KERNEL32(?), ref: 00D8F8A0
                                    • _free.LIBCMT ref: 00D8F8B3
                                    • InterlockedIncrement.KERNEL32(00CE1688), ref: 00D8F8CB
                                    Similarity
                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                    • String ID:
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: __setmodehtonl
                                    • String ID: Cannot read Table of Contents.$Po`$R$=
                                    APIs
                                    • _malloc.LIBCMT ref: 00D8F105
                                      • Part of subcall function 00D880E7: __FF_MSGBANNER.LIBCMT ref: 00D88100
                                      • Part of subcall function 00D880E7: __NMSG_WRITE.LIBCMT ref: 00D88107
                                      • Part of subcall function 00D880E7: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00D89ECA,?,00000001,?,?,00D89DAB,00000018,00D99828,0000000C,00D89E3B), ref: 00D8812C
                                    • _free.LIBCMT ref: 00D8F118
                                    Similarity
                                    • API ID: AllocateHeap_free_malloc
                                    • String ID:
                                    APIs
                                    • __getptd.LIBCMT ref: 00D8F5B7
                                      • Part of subcall function 00D8A3C9: __getptd_noexit.LIBCMT ref: 00D8A3CC
                                      • Part of subcall function 00D8A3C9: __amsg_exit.LIBCMT ref: 00D8A3D9
                                    • __getptd.LIBCMT ref: 00D8F5CE
                                    • __amsg_exit.LIBCMT ref: 00D8F5DC
                                    • __lock.LIBCMT ref: 00D8F5EC
                                    • __updatetlocinfoEx_nolock.LIBCMT ref: 00D8F600
                                    Similarity
                                    • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                    • String ID:
                                    APIs
                                    Strings
                                    • Error allocating memory for status, xrefs: 00D830D9
                                    • Error openning archive %s, xrefs: 00D83178
                                    Similarity
                                    • API ID: _calloc
                                    • String ID: Error allocating memory for status$Error openning archive %s
                                    APIs
                                    Similarity
                                    • API ID: __findfirst64i32__findnext64i32
                                    • String ID:
                                    APIs
                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00D90A1A
                                      • Part of subcall function 00D8A7F5: __getptd.LIBCMT ref: 00D8A808
                                      • Part of subcall function 00D8987E: __getptd_noexit.LIBCMT ref: 00D8987E
                                    • __stricmp_l.LIBCMT ref: 00D90A87
                                      • Part of subcall function 00D92B93: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00D92BA2
                                    • ___crtLCMapStringA.LIBCMT ref: 00D90ADD
                                    • ___crtLCMapStringA.LIBCMT ref: 00D90B5E
                                    Similarity
                                    • API ID: Locale$StringUpdateUpdate::____crt$__getptd__getptd_noexit__stricmp_l
                                    • String ID:
                                    APIs
                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00D9216F
                                    • __isleadbyte_l.LIBCMT ref: 00D921A2
                                    • MultiByteToWideChar.KERNEL32(42D46830,00000009,00D81893,14EC83CC,?,00000000,?,?,?,00D81893,00D81893,?), ref: 00D921D3
                                    • MultiByteToWideChar.KERNEL32(42D46830,00000009,00D81893,00000001,?,00000000,?,?,?,00D81893,00D81893,?), ref: 00D92241
                                    Similarity
                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                    • String ID:
                                    APIs
                                    • GetEnvironmentStringsW.KERNEL32(00000000,00D936F1,00000000,00000000,7622DF80,?,00D934E9,?,00000000), ref: 00D93C80
                                    • __malloc_crt.LIBCMT ref: 00D93CAF
                                    • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,00000000,?,00D934E9,?,00000000), ref: 00D93CBC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: EnvironmentStrings$Free__malloc_crt
                                    • String ID:
                                    • API String ID: 237123855-0
                                    • Opcode ID: ae022db3d128e746a8a82cdd668bd2b90fe2afd17c1a741b89e5956394005c57
                                    • Instruction ID: 6fec1de68a19f70d981ce6a37c85543718baf01e7aebf8375467badffbee764c
                                    • Opcode Fuzzy Hash: ae022db3d128e746a8a82cdd668bd2b90fe2afd17c1a741b89e5956394005c57
                                    • Instruction Fuzzy Hash: 08F027775016106A8F317734BC4AC676B68DEE532530F4426F481F3205FA208F8283B1
                                    APIs
                                    • _vswprintf_s.LIBCMT ref: 00D818FE
                                      • Part of subcall function 00D8795E: __vsnprintf_l.LIBCMT ref: 00D87971
                                    • MessageBoxA.USER32 ref: 00D8191C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Message__vsnprintf_l_vswprintf_s
                                    • String ID: Error!
                                    • API String ID: 1841571876-3197658867
                                    • Opcode ID: 9e77b978b49d5713356b82b27429affe24e4c7a11e7693eefdf785435944e318
                                    • Instruction ID: d65c1b6f381073b5e95e3ca7d81483d7683424a3c60062102c2f27a23c0ac60a
                                    • Opcode Fuzzy Hash: 9e77b978b49d5713356b82b27429affe24e4c7a11e7693eefdf785435944e318
                                    • Instruction Fuzzy Hash: 47F08C70509341AAF374EB54CC42FAB7BE8EB88700F40490AE19D97282EA3191088776
                                    APIs
                                    • _vswprintf_s.LIBCMT ref: 00D8188E
                                      • Part of subcall function 00D8795E: __vsnprintf_l.LIBCMT ref: 00D87971
                                    • MessageBoxA.USER32 ref: 00D818AC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4062775767.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                    • Associated: 00000000.00000002.4062755665.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062797540.0000000000D94000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062819034.0000000000D9B000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4062839748.0000000000D9F000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_d80000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Message__vsnprintf_l_vswprintf_s
                                    • String ID: Fatal Error!
                                    • API String ID: 1841571876-3335022266
                                    • Opcode ID: 7204a122feee239d006edfe7536ec0709c2f042831673df98c3563c21ce6de9a
                                    • Instruction ID: d3262330b3448b19c37048e0f3c898085025a71bc6575d9385bd07d8c79c0ac2
                                    • Opcode Fuzzy Hash: 7204a122feee239d006edfe7536ec0709c2f042831673df98c3563c21ce6de9a
                                    • Instruction Fuzzy Hash: 52F08C70509341AAF374EB54CC42FAA7BE8EB88700F40490AE19D97282EA3151088776

                                    Execution Graph

                                    Execution Coverage:1.7%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:1.9%
                                    Total number of Nodes:1729
                                    Total number of Limit Nodes:144
89614->89616 89617 1183501 PyInt_FromLong 89615->89617 89618 11834f4 89615->89618 89619 2d95dfd 89620 2d95ab0 73 API calls 89619->89620 89621 2d95e0d 89620->89621 89622 2d95e14 89621->89622 89623 2d95339 GetVersionExA 89621->89623 89624 2d95e22 89623->89624 89625 2d95e58 DeleteFileA GetFileAttributesA 89624->89625 89626 2d95e26 DeleteFileW GetFileAttributesW 89624->89626 89629 2d95e7a 89625->89629 89630 2d95e6d GetLastError 89625->89630 89627 2d95e48 89626->89627 89628 2d95e3b GetLastError 89626->89628 89631 2d95e8a 89627->89631 89632 2d95e4e Sleep 89627->89632 89628->89627 89628->89631 89629->89631 89633 2d95e80 Sleep 89629->89633 89630->89629 89630->89631 89635 2dc9cb5 67 API calls 7 library calls 89631->89635 89632->89626 89633->89625 89635->89622 89636 2dc91f9 sqlite3_initialize 89637 2dc920f 89636->89637 89642 2dc94a1 89636->89642 89638 2d92e65 4 API calls 89637->89638 89643 2dc9272 89638->89643 89639 2dc9488 sqlite3_errcode 89641 2dc9496 sqlite3_close 89639->89641 89639->89642 89640 2dc929e sqlite3_mutex_enter sqlite3_vfs_find 89644 2dc9318 89640->89644 89645 2dc9332 89640->89645 89641->89642 89643->89639 89643->89640 89649 2dc9290 sqlite3_free 89643->89649 89647 2d945a6 134 API calls 89644->89647 89681 2dc90bd 89645->89681 89680 2dc932a 89647->89680 89649->89639 89650 2dc90bd 139 API calls 89652 2dc9358 89650->89652 89651 2dc947e sqlite3_mutex_leave 89651->89639 89653 2dc90bd 139 API calls 89652->89653 89654 2dc9366 89653->89654 89655 2dc90bd 139 API calls 89654->89655 89656 2dc937c 89655->89656 89656->89651 89694 2db34ac 89656->89694 89659 2dc90bd 139 API calls 89660 2dc93aa 89659->89660 89698 2dc8f09 89660->89698 89663 2dc93ef 89706 2db3783 89663->89706 89664 2dc93d5 89666 2d945a6 134 API calls 89664->89666 89666->89680 89668 2db3783 7 API calls 89669 2dc9409 89668->89669 89669->89651 89670 2d945a6 134 API calls 89669->89670 89671 2dc9447 89670->89671 89712 2db55b3 89671->89712 89676 2dc9461 89677 2d945a6 134 API calls 89676->89677 89678 2dc946a 
89677->89678 89728 2dc85b9 89678->89728 89680->89651 89682 2dc90cc 89681->89682 89683 2db34ac 10 API calls 89682->89683 89691 2dc9120 89682->89691 89684 2dc90fa 89683->89684 89686 2dc9114 89684->89686 89690 2dc9129 89684->89690 89693 2dc914a 89684->89693 89685 2db34ac 10 API calls 89687 2dc9185 89685->89687 89688 2d945a6 134 API calls 89686->89688 89689 2d945a6 134 API calls 89687->89689 89688->89691 89689->89691 89690->89693 89734 2d9522f sqlite3_strnicmp 89690->89734 89691->89650 89693->89685 89695 2db34c3 89694->89695 89696 2db34b6 89694->89696 89695->89659 89735 2db3422 10 API calls ___crtGetEnvironmentStringsA 89696->89735 89700 2dc8f18 89698->89700 89736 2d9afdb 89700->89736 89702 2dc8f7d 89702->89663 89702->89664 89704 2dc8f6c 89704->89702 89768 2d9b4dd sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_try 89704->89768 89707 2db378a 89706->89707 89708 2db3799 89706->89708 89790 2d9fc1e 7 API calls 89707->89790 89710 2d92e65 4 API calls 89708->89710 89711 2db3796 89710->89711 89711->89668 89791 2dc8bc2 89712->89791 89715 2dc8bc2 135 API calls 89716 2db55e4 89715->89716 89717 2dc8bc2 135 API calls 89716->89717 89718 2db55fe 89717->89718 89719 2db561c 89718->89719 89720 2db5607 sqlite3_overload_function 89718->89720 89721 2db8b95 89719->89721 89720->89719 89722 2db8ba9 89721->89722 89726 2db8c1d sqlite3_errcode 89721->89726 89723 2db8bb1 sqlite3_mutex_enter 89722->89723 89724 2db8bd2 sqlite3_mutex_leave 89722->89724 89725 2db8c0f sqlite3_free 89722->89725 89727 2d945a6 134 API calls 89722->89727 89723->89722 89724->89722 89724->89725 89725->89722 89725->89726 89726->89651 89726->89676 89727->89722 89729 2dc85d2 89728->89729 89732 2dc85ca 89728->89732 89730 2dc85db sqlite3_free 89729->89730 89731 2dc85e7 89729->89731 89730->89731 89731->89732 89733 2d92a8e 4 API calls 89731->89733 89732->89680 89733->89732 89734->89693 89735->89695 89737 2d9aff6 89736->89737 89738 2d92e65 4 API calls 89737->89738 89741 2d9b01d 89738->89741 89739 2d9b024 89739->89702 89767 
2d9fc1e 7 API calls 89739->89767 89740 2d9b156 89742 2d92e65 4 API calls 89740->89742 89741->89739 89741->89740 89745 2d92a8e 4 API calls 89741->89745 89743 2d9b160 89742->89743 89750 2d9b167 89743->89750 89769 2d98cad 89743->89769 89746 2d9b071 89745->89746 89748 2d9b08d 89746->89748 89749 2d9b07c sqlite3_free 89746->89749 89747 2d9b17d sqlite3_free sqlite3_free 89765 2d9b191 89747->89765 89755 2d9b0a3 sqlite3_mutex_enter 89748->89755 89749->89739 89750->89747 89787 2d988ec 118 API calls 89750->89787 89752 2d9b197 sqlite3_mutex_leave 89752->89739 89753 2d9b1d9 _memset 89753->89750 89754 2d92397 4 API calls 89753->89754 89758 2d9b20d 89753->89758 89754->89758 89786 2d92674 89755->89786 89757 2d9b0b7 sqlite3_mutex_enter 89759 2d9b13e sqlite3_mutex_leave sqlite3_free 89757->89759 89762 2d9b0cd 89757->89762 89758->89750 89788 2d98759 11 API calls 89758->89788 89759->89740 89759->89765 89761 2d9b2dd 89761->89750 89764 2d9b340 sqlite3_mutex_enter sqlite3_mutex_leave 89761->89764 89761->89765 89763 2d9b10e 89762->89763 89766 2d9b1a8 sqlite3_mutex_leave sqlite3_mutex_leave sqlite3_free 89762->89766 89763->89759 89764->89765 89765->89739 89765->89752 89766->89743 89767->89704 89768->89702 89770 2d98ceb 89769->89770 89772 2d92a8e 4 API calls 89770->89772 89783 2d98d23 89770->89783 89771 2d92e65 4 API calls 89773 2d98db1 89771->89773 89772->89783 89777 2d98dbb ___crtGetEnvironmentStringsA 89773->89777 89782 2d98d7a sqlite3_free 89773->89782 89776 2d98e50 89779 2d923dd 92 API calls 89776->89779 89781 2d98e82 89776->89781 89777->89776 89780 2d98e47 sqlite3_free 89777->89780 89778 2d98edb 89784 2d98eeb sqlite3_free 89778->89784 89785 2d98d2b _memset 89778->89785 89779->89781 89780->89776 89781->89778 89789 2d98759 11 API calls 89781->89789 89782->89785 89783->89771 89783->89782 89783->89785 89784->89785 89785->89753 89786->89757 89787->89747 89788->89761 89789->89778 89790->89711 89792 2dc8bd5 89791->89792 89800 2db55cd 89791->89800 89794 2dc8bc2 135 API calls 89792->89794 
89799 2dc8c0c 89792->89799 89792->89800 89795 2dc8c3f 89794->89795 89797 2dc8bc2 135 API calls 89795->89797 89795->89800 89796 2dc8cb1 89805 2db35b9 5 API calls ___crtGetEnvironmentStringsA 89796->89805 89797->89799 89799->89800 89804 2db35b9 5 API calls ___crtGetEnvironmentStringsA 89799->89804 89800->89715 89801 2dc8c7b 89801->89796 89802 2dc8c9c 89801->89802 89803 2d945a6 134 API calls 89802->89803 89803->89800 89804->89801 89805->89800 89806 2da803f 89843 2d9a013 89806->89843 89809 2da80d0 89858 2d9a09c sqlite3_mutex_leave 89809->89858 89810 2d93dd3 6 API calls 89812 2da80c3 89810->89812 89812->89809 89813 2da80d9 sqlite3_exec 89812->89813 89814 2da8108 89813->89814 89857 2d92d0c sqlite3_free 89814->89857 89817 2da2853 142 API calls 89818 2da5381 89817->89818 89834 2da4d5a 89818->89834 89855 2db0295 12 API calls _memset 89818->89855 89819 2da487e 89822 2da9125 89819->89822 89823 2da8ff7 89819->89823 89825 2da0bee 132 API calls 89819->89825 89826 2da27fe 6 API calls 89819->89826 89836 2da5359 89819->89836 89837 2da0800 132 API calls 89819->89837 89839 2da4c72 89819->89839 89840 2da4c8a 89819->89840 89842 2da4ce8 89819->89842 89848 2da0cb4 133 API calls ___crtGetEnvironmentStringsA 89819->89848 89849 2da0c90 132 API calls 89819->89849 89850 2da0635 6 API calls 89819->89850 89852 2da270c 120 API calls 89819->89852 89860 2d9301c 6 API calls 89822->89860 89829 2da901e 89823->89829 89859 2d9301c 6 API calls 89823->89859 89824 2da53b2 89825->89819 89826->89819 89831 2da2853 142 API calls 89829->89831 89831->89834 89856 2d9a121 sqlite3_mutex_leave 89834->89856 89854 2d9301c 6 API calls 89836->89854 89837->89819 89839->89834 89851 2d9301c 6 API calls 89839->89851 89840->89817 89842->89839 89853 2da06e0 6 API calls 89842->89853 89844 2d9a097 89843->89844 89845 2d9a026 89843->89845 89844->89809 89844->89810 89845->89844 89861 2d99f89 sqlite3_mutex_leave 89845->89861 89862 2d99f70 sqlite3_mutex_enter 89845->89862 89848->89819 89849->89819 89850->89819 89851->89840 
89852->89819 89853->89842 89854->89840 89855->89834 89856->89824 89857->89809 89858->89819 89859->89829 89860->89840 89861->89845 89862->89845 89863 2dca57b 89864 2dca58b 89863->89864 89865 2dca586 89863->89865 89869 2dca485 89864->89869 89877 2dce0df GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 89865->89877 89868 2dca599 89870 2dca491 __ioinit 89869->89870 89871 2dca52e __ioinit 89870->89871 89874 2dca4de ___DllMainCRTStartup 89870->89874 89878 2dca350 89870->89878 89871->89868 89873 2dca350 __CRT_INIT@12 154 API calls 89873->89871 89874->89871 89875 2dca350 __CRT_INIT@12 154 API calls 89874->89875 89876 2dca50e 89874->89876 89875->89876 89876->89871 89876->89873 89877->89864 89879 2dca35f 89878->89879 89880 2dca3db 89878->89880 89928 2dca81c HeapCreate 89879->89928 89882 2dca412 89880->89882 89889 2dca3e1 89880->89889 89883 2dca417 89882->89883 89886 2dca470 89882->89886 89930 2dcd1bb TlsGetValue 89883->89930 89895 2dca36a 89886->89895 89956 2dcd4d5 79 API calls 2 library calls 89886->89956 89887 2dca371 89941 2dcd543 76 API calls 8 library calls 89887->89941 89888 2dca3fc 89888->89895 89951 2dcda55 68 API calls ___free_lconv_mon 89888->89951 89889->89888 89889->89895 89950 2dcb9d2 67 API calls _doexit 89889->89950 89895->89874 89896 2dca376 __RTC_Initialize 89899 2dca37a 89896->89899 89905 2dca386 GetCommandLineA 89896->89905 89942 2dca84c VirtualFree HeapFree HeapFree HeapDestroy 89899->89942 89900 2dca406 89952 2dcd1ef 7 API calls __decode_pointer 89900->89952 89902 2dca434 89953 2dcd140 6 API calls __crt_waiting_on_module_handle 89902->89953 89943 2dcddd6 76 API calls 3 library calls 89905->89943 89907 2dca37f 89907->89895 89910 2dca446 89914 2dca44d 89910->89914 89915 2dca464 89910->89915 89911 2dca396 89944 2dcd801 72 API calls 2 library calls 89911->89944 89913 2dca3a0 89918 2dca3a4 89913->89918 89946 2dcdd1b 112 API calls 3 library calls 89913->89946 89954 2dcd22c 67 API calls 5 library calls 
89914->89954 89955 2dc9cb5 67 API calls 7 library calls 89915->89955 89945 2dcd1ef 7 API calls __decode_pointer 89918->89945 89919 2dca454 GetCurrentThreadId 89919->89895 89922 2dca3b0 89923 2dca3c4 89922->89923 89947 2dcdaa3 111 API calls 6 library calls 89922->89947 89923->89907 89949 2dcda55 68 API calls ___free_lconv_mon 89923->89949 89926 2dca3b9 89926->89923 89948 2dcb80b 74 API calls 5 library calls 89926->89948 89929 2dca365 89928->89929 89929->89887 89929->89895 89931 2dca41c 89930->89931 89932 2dcd1d0 89930->89932 89935 2dcd715 89931->89935 89957 2dcd140 6 API calls __crt_waiting_on_module_handle 89932->89957 89934 2dcd1db TlsSetValue 89934->89931 89938 2dcd71e 89935->89938 89937 2dca428 89937->89895 89937->89902 89938->89937 89939 2dcd73c Sleep 89938->89939 89958 2dcfa15 89938->89958 89940 2dcd751 89939->89940 89940->89937 89940->89938 89941->89896 89942->89907 89943->89911 89944->89913 89946->89922 89947->89926 89948->89923 89949->89918 89950->89888 89951->89900 89953->89910 89954->89919 89955->89907 89956->89895 89957->89934 89959 2dcfa21 __ioinit 89958->89959 89960 2dcfa39 89959->89960 89970 2dcfa58 _memset 89959->89970 89971 2dca809 67 API calls __getptd_noexit 89960->89971 89962 2dcfa3e 89972 2dcbd81 6 API calls 2 library calls 89962->89972 89963 2dcfaca RtlAllocateHeap 89963->89970 89967 2dcfa4e __ioinit 89967->89938 89970->89963 89970->89967 89973 2dcaa3c 67 API calls 2 library calls 89970->89973 89974 2dcb24e 5 API calls 2 library calls 89970->89974 89975 2dcfb11 LeaveCriticalSection _doexit 89970->89975 89976 2dcbc22 6 API calls __decode_pointer 89970->89976 89971->89962 89973->89970 89974->89970 89975->89970 89976->89970 89977 1182d30 PyEval_SaveThread ioctlsocket PyEval_RestoreThread 89978 1181070 WSAStartup 89979 118109b Py_AtExit Py_InitModule4 89978->89979 89980 11821a1 89978->89980 89981 118175d 89979->89981 89982 11810d7 PyErr_NewException 89979->89982 89983 11821ff PyErr_SetString 89980->89983 89985 11821e3 PyErr_SetString 89980->89985 
89986 11821b5 PyOS_snprintf PyErr_SetString 89980->89986 89982->89981 89984 1181101 PyModule_AddObject PyErr_NewException 89982->89984 89984->89981 89987 1181136 PyModule_AddObject PyErr_NewException 89984->89987 89985->89983 89986->89985 89987->89981 89988 1181161 PyModule_AddObject PyErr_NewException 89987->89988 89988->89981 89989 118118c PyModule_AddObject PyModule_AddObject 89988->89989 89989->89981 89990 11811b5 PyModule_AddObject 89989->89990 89990->89981 89991 11811d3 PyModule_AddObject PyCapsule_New PyModule_AddObject 89990->89991 89991->89981 89992 1181209 108 API calls 89991->89992 89993 1181701 PyLong_FromUnsignedLong 89992->89993 89993->89981 89994 1181713 PyModule_AddObject 89993->89994 89994->89993 89995 1181727 PyModule_AddIntConstant PyModule_AddIntConstant PyModule_AddIntConstant PyModule_AddIntConstant PyThread_allocate_lock 89994->89995 89995->89981 89996 2da6a72 90020 2da463c 89996->90020 89998 2da6a83 89999 2da6a94 89998->89999 90000 2da4c75 89998->90000 90002 2dc8f09 137 API calls 89999->90002 90037 2d9301c 6 API calls 90000->90037 90004 2da6ab8 90002->90004 90003 2da4c8a 90007 2da2853 142 API calls 90003->90007 90019 2da6b1f 90004->90019 90026 2d9b8d6 90004->90026 90008 2da5381 90007->90008 90012 2da53a7 90008->90012 90038 2db0295 12 API calls _memset 90008->90038 90009 2da6b57 90042 2d9c264 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_try 90009->90042 90010 2da6ae5 90040 2d9ee29 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_try 90010->90040 90039 2d9a121 sqlite3_mutex_leave 90012->90039 90014 2da6afc 90014->90019 90041 2d9c264 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_try 90014->90041 90017 2da53b2 90021 2da4686 90020->90021 90024 2da468f 90020->90024 90052 2da21b4 132 API calls 90021->90052 90043 2da0570 90024->90043 90025 2da46a5 _memset 90025->89998 90027 2d99f9a 3 API calls 90026->90027 90035 2d9b8e8 90027->90035 90030 2d9ba49 90030->90009 90030->90010 90030->90019 90031 2d9b90a 90066 2d99ffe 
sqlite3_mutex_leave 90031->90066 90033 2d995fe 103 API calls 90033->90035 90034 2d9b9e0 90034->90031 90065 2d99ca7 7 API calls _memset 90034->90065 90035->90031 90035->90033 90035->90034 90055 2d9b67a 90035->90055 90064 2d9b825 117 API calls _memset 90035->90064 90037->90003 90038->90012 90039->90017 90040->90014 90041->90019 90042->90019 90044 2da0579 90043->90044 90045 2da05b0 90044->90045 90047 2da059b 90044->90047 90051 2da05a5 ___crtGetEnvironmentStringsA 90044->90051 90054 2d92d0c sqlite3_free 90045->90054 90053 2d92f8b 6 API calls 90047->90053 90048 2da05bb 90050 2d92eb1 4 API calls 90048->90050 90050->90051 90051->90025 90052->90024 90053->90051 90054->90048 90067 2d9915c 90055->90067 90057 2d9b68c 90058 2d9ae98 117 API calls 90057->90058 90063 2d9b77b 90057->90063 90059 2d9b6a4 90058->90059 90059->90063 90082 2d96ba3 sqlite3_free sqlite3_mutex_enter sqlite3_mutex_leave 90059->90082 90061 2d9b768 90083 2d98759 11 API calls 90061->90083 90063->90035 90064->90035 90065->90031 90066->90030 90068 2d99175 90067->90068 90069 2d991d2 90068->90069 90073 2d991f0 90068->90073 90084 2d98fcb 90068->90084 90069->90057 90071 2d99278 90077 2d992d7 90071->90077 90080 2d9921f 90071->90080 90088 2d98330 117 API calls __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 90071->90088 90073->90071 90075 2d9925c 90073->90075 90076 2d992a0 90073->90076 90073->90077 90073->90080 90079 2d923dd 92 API calls 90075->90079 90078 2d97d1a 2 API calls 90076->90078 90077->90080 90081 2d95544 4 API calls 90077->90081 90078->90071 90079->90071 90080->90069 90089 2d97c79 sqlite3_free sqlite3_free 90080->90089 90081->90080 90082->90061 90083->90063 90085 2d98fef 90084->90085 90086 2d923dd 92 API calls 90085->90086 90087 2d9903e 90085->90087 90086->90087 90087->90073 90088->90077 90089->90069 90090 2da3972 90091 2da398a sqlite3_mutex_enter 90090->90091 90092 2da3a39 90090->90092 90106 2da37dc 90091->90106 90094 2da39a1 90098 2da39da 90094->90098 90099 2da39c2 sqlite3_reset 90094->90099 90104 2da3a16 
90094->90104 90115 2dbafc5 154 API calls 90094->90115 90097 2da3a2d sqlite3_mutex_leave 90097->90092 90100 2da39ef sqlite3_value_text 90098->90100 90098->90104 90102 2da37dc 148 API calls 90099->90102 90116 2d92d0c sqlite3_free 90100->90116 90102->90094 90103 2da3a03 90103->90104 90117 2d92faf sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_enter sqlite3_mutex_leave ___crtGetEnvironmentStringsA 90103->90117 90118 2d93043 134 API calls 90104->90118 90111 2da37f0 90106->90111 90113 2da37f8 90106->90113 90107 2da38a9 90148 2da1ca9 139 API calls 90107->90148 90108 2da38b2 90119 2da47e6 90108->90119 90111->90094 90113->90107 90113->90108 90113->90111 90114 2da38ae 90149 2d93043 134 API calls 90114->90149 90115->90094 90116->90103 90117->90104 90118->90097 90120 2da27d4 sqlite3_mutex_enter 90119->90120 90144 2da483f 90120->90144 90121 2da4c72 90130 2da4d5a 90121->90130 90153 2d9301c 6 API calls 90121->90153 90123 2da9125 90160 2d9301c 6 API calls 90123->90160 90124 2da2853 142 API calls 90126 2da5381 90124->90126 90126->90130 90157 2db0295 12 API calls _memset 90126->90157 90127 2da4c8a 90127->90124 90128 2da0800 132 API calls 90128->90144 90129 2da8ff7 90134 2da901e 90129->90134 90159 2d9301c 6 API calls 90129->90159 90158 2d9a121 sqlite3_mutex_leave 90130->90158 90131 2da27fe 6 API calls 90131->90144 90138 2da2853 142 API calls 90134->90138 90138->90130 90139 2da53b2 90139->90114 90142 2da5359 90156 2d9301c 6 API calls 90142->90156 90144->90121 90144->90123 90144->90127 90144->90128 90144->90129 90144->90131 90144->90142 90146 2da0bee 132 API calls 90144->90146 90147 2da4ce8 90144->90147 90150 2da0cb4 133 API calls ___crtGetEnvironmentStringsA 90144->90150 90151 2da0c90 132 API calls 90144->90151 90152 2da0635 6 API calls 90144->90152 90154 2da270c 120 API calls 90144->90154 90146->90144 90147->90121 90155 2da06e0 6 API calls 90147->90155 90148->90114 90149->90111 90150->90144 90151->90144 90152->90144 90153->90127 90154->90144 90155->90147 90156->90127 
90157->90130 90158->90139 90159->90134 90160->90127 90161 2dc5fb6 90169 2db09cd 90161->90169 90164 2dc71f4 90166 2dc71c9 90164->90166 90186 2dc5ad5 10 API calls 90164->90186 90165 2dc71c5 90165->90166 90185 2dc5b75 11 API calls 90165->90185 90170 2db09ec 90169->90170 90184 2db0a02 90169->90184 90171 2db0a09 90170->90171 90172 2db09f5 90170->90172 90188 2db0506 sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_enter sqlite3_mutex_leave 90171->90188 90187 2d94613 6 API calls 90172->90187 90175 2db0a63 90175->90184 90189 2d92f12 6 API calls ___crtGetEnvironmentStringsA 90175->90189 90177 2db0a11 90177->90175 90179 2db0a8d 90177->90179 90177->90184 90178 2db0a79 90178->90184 90190 2d92d0c sqlite3_free 90178->90190 90191 2d94613 6 API calls 90179->90191 90182 2db0a9d 90192 2d92d0c sqlite3_free 90182->90192 90184->90164 90184->90165 90185->90166 90186->90164 90187->90184 90188->90177 90189->90178 90190->90184 90191->90182 90192->90184 90193 1182b72 PyArg_ParseTuple 90194 1182b9f 90193->90194 90195 1182be0 PyErr_Clear PyArg_ParseTuple 90193->90195 90197 1182baf setsockopt 90194->90197 90196 1182c09 90195->90196 90195->90197 90198 1182bd5 90197->90198 90199 2dbb031 90202 2dbaf40 90199->90202 90203 2dbaf58 90202->90203 90204 2dbaf4f 90202->90204 90204->90203 90205 2dbaf5d sqlite3_mutex_enter 90204->90205 90206 2d9a013 2 API calls 90205->90206 90207 2dbaf6c 90206->90207 90215 2dbac52 90207->90215 90210 2dbaf8d sqlite3_finalize 90211 2dbac52 148 API calls 90210->90211 90213 2dbafab 90211->90213 90268 2d9a09c sqlite3_mutex_leave 90213->90268 90214 2dbafb5 sqlite3_mutex_leave 90214->90203 90216 2d92e8b 4 API calls 90215->90216 90236 2dbac73 90216->90236 90217 2dbac7e 90327 2d92d0c sqlite3_free 90217->90327 90218 2dbace4 90269 2dc1882 90218->90269 90222 2dbaf2b 90328 2d93043 134 API calls 90222->90328 90223 2dbad9d 90273 2dc7c87 90223->90273 90224 2d99f9a 3 API calls 90224->90236 90226 2dbad08 90229 2dbad0d 90226->90229 90230 2dbad52 90226->90230 90228 2dbaf36 90228->90210 
90228->90213 90232 2d945a6 134 API calls 90229->90232 90315 2d92fe9 sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_enter sqlite3_mutex_leave ___crtGetEnvironmentStringsA 90230->90315 90235 2dbad1b 90232->90235 90234 2dbad5f 90237 2dbad7e 90234->90237 90241 2dc7c87 141 API calls 90234->90241 90314 2d93043 134 API calls 90235->90314 90236->90217 90236->90218 90236->90224 90239 2dbad30 90236->90239 90313 2d99ffe sqlite3_mutex_leave 90236->90313 90240 2dbadd0 90237->90240 90317 2dbab94 125 API calls 90237->90317 90242 2d945a6 134 API calls 90239->90242 90247 2dbade0 90240->90247 90318 2db0295 12 API calls _memset 90240->90318 90244 2dbad72 90241->90244 90242->90217 90316 2d92d0c sqlite3_free 90244->90316 90248 2dbae62 90247->90248 90252 2dbae2c 90247->90252 90253 2dbae1c 90247->90253 90249 2dbae87 90248->90249 90322 2d92fe9 sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_enter sqlite3_mutex_leave ___crtGetEnvironmentStringsA 90248->90322 90250 2dbaeb0 90249->90250 90323 2da2b2f 143 API calls 90249->90323 90257 2dbaee1 90250->90257 90258 2dbaec0 90250->90258 90320 2da22a5 132 API calls 90252->90320 90319 2da22a5 132 API calls 90253->90319 90259 2d945a6 134 API calls 90257->90259 90260 2d945a6 134 API calls 90258->90260 90266 2dbaedf 90259->90266 90261 2dbaed2 90260->90261 90324 2d92d0c sqlite3_free 90261->90324 90263 2dbae24 90263->90248 90321 2da2302 133 API calls 90263->90321 90266->90217 90325 2da1836 132 API calls 90266->90325 90326 2d92d0c sqlite3_free 90266->90326 90268->90214 90270 2dbaceb 90269->90270 90271 2dc1892 90269->90271 90270->90223 90270->90226 90271->90270 90329 2dc1825 sqlite3_free 90271->90329 90274 2dc7cb6 90273->90274 90275 2d92a8e 4 API calls 90274->90275 90279 2dc7cd6 90275->90279 90277 2dc7e50 90280 2dc7e6d sqlite3_free 90277->90280 90344 2dc5ad5 10 API calls 90277->90344 90278 2dc7d6e 90278->90277 90282 2dc7e2f 90278->90282 90283 2dc7618 139 API calls 90278->90283 90279->90278 90285 2dc7dc6 90279->90285 90289 2dc7d64 90279->90289 
90311 2dc7d04 90279->90311 90330 2dc7747 90279->90330 90334 2dc7618 90279->90334 90292 2dc7e87 90280->90292 90284 2dc7618 139 API calls 90282->90284 90283->90282 90284->90277 90343 2d92d0c sqlite3_free 90285->90343 90288 2dc7dd1 90290 2d93dd3 6 API calls 90288->90290 90342 2d94613 6 API calls 90289->90342 90290->90278 90294 2dc7eb6 90292->90294 90345 2d9301c 6 API calls 90292->90345 90299 2dc7f04 90294->90299 90301 2dc7eec 90294->90301 90346 2da2b97 132 API calls 90294->90346 90297 2dc7f1c 90300 2dc7f32 90297->90300 90349 2db0425 10 API calls 90297->90349 90348 2d92d0c sqlite3_free 90299->90348 90350 2dbfd7e 10 API calls 90300->90350 90301->90299 90347 2d92d0c sqlite3_free 90301->90347 90304 2dc7f42 90351 2d92d0c sqlite3_free 90304->90351 90306 2dc7f51 90352 2d92d0c sqlite3_free 90306->90352 90308 2dc7f5d 90309 2dc7f82 90308->90309 90353 2d92d0c sqlite3_free 90308->90353 90309->90311 90354 2db0425 10 API calls 90309->90354 90311->90237 90313->90236 90314->90217 90315->90234 90316->90237 90317->90240 90318->90247 90319->90263 90320->90263 90321->90263 90322->90249 90323->90250 90324->90266 90325->90266 90326->90266 90327->90222 90328->90228 90329->90271 90331 2dc775d 90330->90331 90332 2dc77a7 90331->90332 90355 2dc76cf sqlite3_strnicmp 90331->90355 90332->90279 90332->90332 90335 2dc761e 90334->90335 90336 2dc76b6 90335->90336 90338 2dc76b4 90335->90338 90356 2dc5bcb 90335->90356 90368 2d94613 6 API calls 90335->90368 90369 2dc59f0 10 API calls 90335->90369 90370 2dc5b75 11 API calls 90336->90370 90338->90279 90342->90278 90343->90288 90344->90277 90345->90294 90346->90301 90347->90299 90348->90297 90349->90300 90350->90304 90351->90306 90352->90308 90353->90308 90354->90309 90355->90332 90357 2dc5c09 90356->90357 90358 2dc5c17 90356->90358 90357->90358 90359 2dc5c3c 90357->90359 90360 2dc5c46 90357->90360 90361 2dc71f4 90358->90361 90362 2dc71c5 90358->90362 90371 2dafe5b 133 API calls 90359->90371 90372 2db2e23 7 API calls 90360->90372 90364 2dc71c9 90361->90364 
90374 2dc5ad5 10 API calls 90361->90374 90362->90364 90373 2dc5b75 11 API calls 90362->90373 90364->90335 90368->90335 90369->90335 90370->90338 90371->90358 90372->90358 90373->90364 90374->90361 90375 2d95ea9 90376 2d95ab0 73 API calls 90375->90376 90377 2d95eb6 90376->90377 90378 2d95ebd 90377->90378 90379 2d95339 GetVersionExA 90377->90379 90380 2d95ec8 90379->90380 90381 2d95ecd GetFileAttributesW 90380->90381 90382 2d95ed5 GetFileAttributesA 90380->90382 90383 2d95edb 90381->90383 90382->90383 90385 2dc9cb5 67 API calls 7 library calls 90383->90385 90385->90378 90386 1193ead 90389 1193736 90386->90389 90458 11936e2 90389->90458 90391 1193a52 PyErr_Occurred 90400 1193ab4 90391->90400 90392 1193a40 sqlite3_get_autocommit 90392->90391 90393 11937bb PyArg_ParseTuple 90401 11937d4 90393->90401 90427 11937f7 90393->90427 90394 119382e PyArg_ParseTuple 90395 1193847 90394->90395 90394->90427 90397 11937e4 PyErr_SetString 90395->90397 90398 1193857 PyList_New 90395->90398 90397->90427 90402 119386b 90398->90402 90398->90427 90401->90397 90404 11938d3 PyObject_GetIter 90401->90404 90407 1193819 90401->90407 90405 1193887 PyList_Append 90402->90405 90406 1193873 PyTuple_New 90402->90406 90404->90407 90404->90427 90405->90401 90405->90427 90406->90405 90406->90427 90409 11938f4 90407->90409 90482 11954f8 PyEval_SaveThread sqlite3_reset PyEval_RestoreThread 90407->90482 90411 119391b PyString_AsString 90409->90411 90412 1193907 PyUnicodeUCS2_AsUTF8String 90409->90412 90414 119393a PyTuple_New 90411->90414 90415 1193932 90411->90415 90413 119391a 90412->90413 90412->90427 90413->90411 90416 1193961 PyTuple_SetItem 90414->90416 90414->90427 90415->90414 90417 1193984 90416->90417 90416->90427 90418 1193990 90417->90418 90483 11954f8 PyEval_SaveThread sqlite3_reset PyEval_RestoreThread 90417->90483 90467 1191111 PyDict_GetItem 90418->90467 90421 1193a0a 90421->90427 90477 11954f8 PyEval_SaveThread sqlite3_reset PyEval_RestoreThread 90421->90477 90424 11939e9 _PyObject_New 
90425 11939fe 90424->90425 90424->90427 90426 1194e8a 6 API calls 90425->90426 90426->90421 90427->90391 90427->90392 90428 1193e31 PyIter_Next 90428->90427 90452 1193b1d 90428->90452 90429 1193aca 90429->90428 90430 1193b45 90429->90430 90433 1193aff 90429->90433 90430->90428 90485 1191a97 22 API calls 90430->90485 90433->90428 90433->90452 90484 1191b41 40 API calls 90433->90484 90434 1193b8c PyErr_Occurred 90434->90427 90434->90452 90438 1193e4d PyErr_Occurred 90439 1193e57 90438->90439 90440 1193e66 90438->90440 90443 1193e80 PyErr_Clear 90439->90443 90444 1193e60 PyErr_Print 90439->90444 90490 11954f8 PyEval_SaveThread sqlite3_reset PyEval_RestoreThread 90440->90490 90441 1193c15 PyEval_SaveThread sqlite3_column_count PyEval_RestoreThread 90445 1193c4a PyTuple_New 90441->90445 90441->90452 90443->90440 90444->90440 90445->90427 90445->90452 90447 1193e6e 90491 119566a 11 API calls 90447->90491 90449 11954f8 PyEval_SaveThread sqlite3_reset PyEval_RestoreThread 90449->90452 90451 1193c70 PyTuple_New 90451->90427 90453 1193c83 sqlite3_column_name 90451->90453 90452->90397 90452->90400 90452->90427 90452->90428 90452->90438 90452->90440 90452->90441 90452->90445 90452->90449 90452->90451 90455 1193d9e sqlite3_changes 90452->90455 90457 1193dcd PyEval_SaveThread sqlite3_last_insert_rowid PyEval_RestoreThread PyInt_FromLong 90452->90457 90478 119518a 45 API calls 90452->90478 90479 119563f 90452->90479 90486 119545b 7 API calls 90452->90486 90487 11931b6 10 API calls 90452->90487 90489 11933cb 34 API calls 90452->90489 90488 119334d PyString_FromStringAndSize 90453->90488 90455->90452 90456 1193c99 8 API calls 90456->90451 90456->90452 90457->90452 90459 11936e8 PyErr_SetString 90458->90459 90460 11936fe 90458->90460 90463 11936fb 90459->90463 90460->90459 90462 1193718 90460->90462 90464 119278e 3 API calls 90462->90464 90463->90393 90463->90394 90463->90427 90465 1193721 90464->90465 90465->90463 90466 1191a6a PyErr_SetString 90465->90466 90466->90463 90468 
                                    APIs
                                    • PyEval_SaveThread.PYTHON27 ref: 0118351E
                                    • recv.WS2_32(?,?,?,?), ref: 0118354A
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 01183553
                                    • PyErr_SetString.PYTHON27(036A9930,timed out), ref: 0118356D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Err_RestoreSaveStringrecv
                                    • String ID: timed out
                                    • API String ID: 3779218140-3163636755
                                    • Opcode ID: a396bf12a8eea3d83ed4d20881d511f606c5606bf29886cbb355e64ad9fcb9b7
                                    • Instruction ID: 4f43b120a475ee494d4f1db57049e96d72e4fe22613e60f534402f44ade787b0
                                    • Opcode Fuzzy Hash: a396bf12a8eea3d83ed4d20881d511f606c5606bf29886cbb355e64ad9fcb9b7
                                    • Instruction Fuzzy Hash: 9401B1776002005BC614AAADFC8496F7798EBC4272B148736FA79C7286D731D8858BB0
                                    APIs
                                    • PyInt_AsLong.PYTHON27(?), ref: 01182829
                                    • PyErr_Occurred.PYTHON27 ref: 01182839
                                    • PyEval_SaveThread.PYTHON27 ref: 01182849
                                    • listen.WS2_32(?,00000000), ref: 01182860
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 01182869
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Err_Int_LongOccurredRestoreSavelisten
                                    • String ID:
                                    • API String ID: 259634465-0
                                    • Opcode ID: d7200d7a617b8e93ac3e6a441eec48bca7a784beea49898d3b7ebd55947a55ee
                                    • Instruction ID: 935a5b2790e8c12a254309680a72af9332f18867a3f851fe6c048009ab3b3bfa
                                    • Opcode Fuzzy Hash: d7200d7a617b8e93ac3e6a441eec48bca7a784beea49898d3b7ebd55947a55ee
                                    • Instruction Fuzzy Hash: 75F081329001219B8B29AB68F8C889F77A8EB89675705C225FC158725BC731DC81CB91
                                    APIs
                                      • Part of subcall function 01184942: PyErr_SetString.PYTHON27(036A9748,getsockaddrarg: bad family,?,?,?,?,?,?,?), ref: 01184975
                                    • PyEval_SaveThread.PYTHON27 ref: 01185593
                                    • bind.WS2_32(?,?,?), ref: 011855A9
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 011855B2
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Err_RestoreSaveStringbind
                                    • String ID:
                                    • API String ID: 4267109154-0
                                    • Opcode ID: f806860cbec9f5e94afacb96849a7c77f5b7ab6f842b474eb13cf9ab2a1b6d00
                                    • Instruction ID: eed177664eaf4512193394f852b68935ad8887c25d33d4212ba2331bcaa124ad
                                    • Opcode Fuzzy Hash: f806860cbec9f5e94afacb96849a7c77f5b7ab6f842b474eb13cf9ab2a1b6d00
                                    • Instruction Fuzzy Hash: 420184776001045BC714EE58F8858AB73A8EBC8271F008265FE19C7206EA31D954C7E1
                                    APIs
                                    Strings
                                    • too many terms in compound SELECT, xrefs: 02DBE954
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memset
                                    • String ID: too many terms in compound SELECT
                                    • API String ID: 2102423945-2451016212
                                    • Opcode ID: 2ed531fcc8f8c38ece09ec2686d422a0185d22d8abec59385ca871e72262660e
                                    • Instruction ID: 5dd9961aa24e532bd44215be7f1312054a9414e4cf320ba5b6457f62d3f131c1
                                    • Opcode Fuzzy Hash: 2ed531fcc8f8c38ece09ec2686d422a0185d22d8abec59385ca871e72262660e
                                    • Instruction Fuzzy Hash: 33824871608340EFDB219F18C890AAABBE2FF88714F14491DF99A87361D771ED54CB62
                                    APIs
                                      • Part of subcall function 02D95F0F: GetFullPathNameW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 02D95F3B
                                      • Part of subcall function 02D95F0F: _malloc.LIBCMT ref: 02D95F46
                                      • Part of subcall function 02D95339: GetVersionExA.KERNEL32(?), ref: 02D9535C
                                    • GetDiskFreeSpaceW.KERNEL32(00000000,?,00000200,?,?,?,?,?,?), ref: 02D96063
                                    • GetDiskFreeSpaceA.KERNEL32(00000000,?,00000200,?,?,?,?,?,?), ref: 02D9608B
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: DiskFreeSpace$FullNamePathVersion_malloc
                                    • String ID:
                                    • API String ID: 2105114369-0
                                    • Opcode ID: 8365b6a1a88b1492b7cb92b9462fef977af3fae419ac159df9f681e14899a8f4
                                    • Instruction ID: eb6bbd5ad135981e059f4c42c61205941057d261aff928471c240da9f0f18a9c
                                    • Opcode Fuzzy Hash: 8365b6a1a88b1492b7cb92b9462fef977af3fae419ac159df9f681e14899a8f4
                                    • Instruction Fuzzy Hash: 0D2165B2804108AEDF12ABA4D8C4AEE7BBCEF05304F2404A6F645D7240E770DE84C7E1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memset
                                    • String ID:
                                    • API String ID: 2102423945-0
                                    • Opcode ID: 46e0aca846ad90f6d5d20ef701757dbcf393feaad4cdfa489a0c0fdf2d6413fe
                                    • Instruction ID: 3e24e079420b3d6f8a0edccbfa42dd3ec64e9ab3aca90a73b0e3767733033fa1
                                    • Opcode Fuzzy Hash: 46e0aca846ad90f6d5d20ef701757dbcf393feaad4cdfa489a0c0fdf2d6413fe
                                    • Instruction Fuzzy Hash: 77720871D002299FCF14DFA9D480AADBBB2FF48314F14856AE855AB351E735AE42CF60

                                    Control-flow Graph

                                    APIs
                                    • WSAStartup.WS2_32(00000101,?), ref: 0118108D
                                    • Py_AtExit.PYTHON27(01181000), ref: 011810A0
                                    • Py_InitModule4.PYTHON27(_socket,0118A560,Implementation module for socket operations.See the socket module for documentation.,00000000,000003F5), ref: 011810C6
                                    • PyErr_NewException.PYTHON27(socket.error,?,00000000), ref: 011810EF
                                    • PyModule_AddObject.PYTHON27(00000000,error,00000000), ref: 01181115
                                    • PyErr_NewException.PYTHON27(socket.herror,036A9748,00000000), ref: 01181124
                                    • PyModule_AddObject.PYTHON27(00000000,herror,00000001), ref: 0118113F
                                    • PyErr_NewException.PYTHON27(socket.gaierror,036A9748,00000000), ref: 0118114F
                                    • PyModule_AddObject.PYTHON27(00000000,gaierror,00000001), ref: 0118116A
                                    • PyErr_NewException.PYTHON27(socket.timeout,036A9748,00000000), ref: 0118117A
                                    • PyModule_AddObject.PYTHON27(00000000,timeout,00000001), ref: 01181195
                                    • PyModule_AddObject.PYTHON27(00000000,SocketType,01189AD8), ref: 011811A8
                                    • PyModule_AddObject.PYTHON27(00000000,socket,01189AD8), ref: 011811C6
                                    • PyModule_AddObject.PYTHON27(00000000,has_ipv6,1E1F7BCD), ref: 011811E1
                                    • PyCapsule_New.PYTHON27(0118A680,_socket.CAPI,00000000), ref: 011811EF
                                    • PyModule_AddObject.PYTHON27(00000000,CAPI,00000000), ref: 011811FC
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AF_UNSPEC,00000000), ref: 01181216
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AF_INET,00000002), ref: 01181220
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AF_INET6,00000017), ref: 0118122A
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AF_IPX,00000006), ref: 01181234
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AF_APPLETALK,00000010), ref: 0118123E
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AF_INET6,00000017), ref: 01181248
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AF_DECnet,0000000C), ref: 01181255
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AF_SNA,0000000B), ref: 0118125F
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AF_IRDA,0000001A), ref: 01181269
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOCK_STREAM,00000001), ref: 01181273
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOCK_DGRAM,00000002), ref: 0118127D
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOCK_RAW,00000003), ref: 01181287
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOCK_SEQPACKET,00000005), ref: 01181294
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOCK_RDM,00000004), ref: 0118129E
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_DEBUG,00000001), ref: 011812A8
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_ACCEPTCONN,00000002), ref: 011812B2
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_REUSEADDR,00000004), ref: 011812BC
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_EXCLUSIVEADDRUSE,000000FB), ref: 011812C6
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_KEEPALIVE,00000008), ref: 011812D3
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_DONTROUTE,00000010), ref: 011812DD
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_BROADCAST,00000020), ref: 011812E7
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_USELOOPBACK,00000040), ref: 011812F1
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_LINGER,00000080), ref: 011812FE
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_OOBINLINE,00000100), ref: 0118130B
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_SNDBUF,00001001), ref: 0118131B
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_RCVBUF,00001002), ref: 01181328
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_SNDLOWAT,00001003), ref: 01181335
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_RCVLOWAT,00001004), ref: 01181342
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_SNDTIMEO,00001005), ref: 0118134F
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_RCVTIMEO,00001006), ref: 0118135C
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_ERROR,00001007), ref: 0118136C
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SO_TYPE,00001008), ref: 01181379
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOMAXCONN,7FFFFFFF), ref: 01181386
                                    • PyModule_AddIntConstant.PYTHON27(00000000,MSG_OOB,00000001), ref: 01181390
                                    • PyModule_AddIntConstant.PYTHON27(00000000,MSG_PEEK,00000002), ref: 0118139A
                                    • PyModule_AddIntConstant.PYTHON27(00000000,MSG_DONTROUTE,00000004), ref: 011813A4
                                    • PyModule_AddIntConstant.PYTHON27(00000000,MSG_TRUNC,00000100), ref: 011813B4
                                    • PyModule_AddIntConstant.PYTHON27(00000000,MSG_CTRUNC,00000200), ref: 011813C1
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOL_SOCKET,0000FFFF), ref: 011813CE
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOL_IP,00000000), ref: 011813D8
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOL_TCP,00000006), ref: 011813E2
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SOL_UDP,00000011), ref: 011813EC
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPPROTO_IP,00000000), ref: 011813F9
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPPROTO_ICMP,00000001), ref: 01181403
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPPROTO_TCP,00000006), ref: 0118140D
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPPROTO_UDP,00000011), ref: 01181417
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPPROTO_RAW,000000FF), ref: 01181424
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPPORT_RESERVED,00000400), ref: 01181431
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPPORT_USERRESERVED,00001388), ref: 01181441
                                    • PyModule_AddIntConstant.PYTHON27(00000000,INADDR_ANY,00000000), ref: 0118144B
                                    • PyModule_AddIntConstant.PYTHON27(00000000,INADDR_BROADCAST,000000FF), ref: 01181455
                                    • PyModule_AddIntConstant.PYTHON27(00000000,INADDR_LOOPBACK,7F000001), ref: 01181462
                                    • PyModule_AddIntConstant.PYTHON27(00000000,INADDR_UNSPEC_GROUP,E0000000), ref: 0118146F
                                    • PyModule_AddIntConstant.PYTHON27(00000000,INADDR_ALLHOSTS_GROUP,E0000001), ref: 0118147C
                                    • PyModule_AddIntConstant.PYTHON27(00000000,INADDR_MAX_LOCAL_GROUP,E00000FF), ref: 0118148C
                                    • PyModule_AddIntConstant.PYTHON27(00000000,INADDR_NONE,000000FF), ref: 01181496
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_OPTIONS,00000001), ref: 011814A0
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_HDRINCL,00000002), ref: 011814AA
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_TOS,00000003), ref: 011814B4
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_TTL,00000004), ref: 011814BE
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_RECVDSTADDR,00000019), ref: 011814CB
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_MULTICAST_IF,00000009), ref: 011814D5
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_MULTICAST_TTL,0000000A), ref: 011814DF
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_MULTICAST_LOOP,0000000B), ref: 011814E9
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_ADD_MEMBERSHIP,0000000C), ref: 011814F3
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IP_DROP_MEMBERSHIP,0000000D), ref: 011814FD
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_JOIN_GROUP,0000000C), ref: 0118150A
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_LEAVE_GROUP,0000000D), ref: 01181514
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_MULTICAST_HOPS,0000000A), ref: 0118151E
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_MULTICAST_IF,00000009), ref: 01181528
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_MULTICAST_LOOP,0000000B), ref: 01181532
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_UNICAST_HOPS,00000004), ref: 0118153C
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_V6ONLY,0000001B), ref: 01181549
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_CHECKSUM,0000001A), ref: 01181553
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_DONTFRAG,0000000E), ref: 0118155D
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_HOPLIMIT,00000015), ref: 01181567
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_HOPOPTS,00000001), ref: 01181571
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_PKTINFO,00000013), ref: 0118157B
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_RECVRTHDR,00000026), ref: 01181588
                                    • PyModule_AddIntConstant.PYTHON27(00000000,IPV6_RTHDR,00000020), ref: 01181592
                                    • PyModule_AddIntConstant.PYTHON27(00000000,TCP_NODELAY,00000001), ref: 0118159C
                                    • PyModule_AddIntConstant.PYTHON27(00000000,TCP_MAXSEG,00000004), ref: 011815A6
                                    • PyModule_AddIntConstant.PYTHON27(00000000,EAI_AGAIN,00002AFA), ref: 011815B3
                                    • PyModule_AddIntConstant.PYTHON27(00000000,EAI_BADFLAGS,00002726), ref: 011815C0
                                    • PyModule_AddIntConstant.PYTHON27(00000000,EAI_FAIL,00002AFB), ref: 011815D0
                                    • PyModule_AddIntConstant.PYTHON27(00000000,EAI_FAMILY,0000273F), ref: 011815DD
                                    • PyModule_AddIntConstant.PYTHON27(00000000,EAI_MEMORY,00000008), ref: 011815E7
                                    • PyModule_AddIntConstant.PYTHON27(00000000,EAI_NODATA,00002AF9), ref: 011815F4
                                    • PyModule_AddIntConstant.PYTHON27(00000000,EAI_NONAME,00002AF9), ref: 01181601
                                    • PyModule_AddIntConstant.PYTHON27(00000000,EAI_SERVICE,0000277D), ref: 0118160E
                                    • PyModule_AddIntConstant.PYTHON27(00000000,EAI_SOCKTYPE,0000273C), ref: 0118161E
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AI_PASSIVE,00000001), ref: 01181628
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AI_CANONNAME,00000002), ref: 01181632
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AI_NUMERICHOST,00000004), ref: 0118163C
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AI_NUMERICSERV,00000008), ref: 01181646
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AI_ALL,00000100), ref: 01181653
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AI_ADDRCONFIG,00000400), ref: 01181663
                                    • PyModule_AddIntConstant.PYTHON27(00000000,AI_V4MAPPED,00000800), ref: 01181670
                                    • PyModule_AddIntConstant.PYTHON27(00000000,NI_MAXHOST,00000401), ref: 0118167D
                                    • PyModule_AddIntConstant.PYTHON27(00000000,NI_MAXSERV,00000020), ref: 01181687
                                    • PyModule_AddIntConstant.PYTHON27(00000000,NI_NOFQDN,00000001), ref: 01181691
                                    • PyModule_AddIntConstant.PYTHON27(00000000,NI_NUMERICHOST,00000002), ref: 0118169B
                                    • PyModule_AddIntConstant.PYTHON27(00000000,NI_NAMEREQD,00000004), ref: 011816A8
                                    • PyModule_AddIntConstant.PYTHON27(00000000,NI_NUMERICSERV,00000008), ref: 011816B2
                                    • PyModule_AddIntConstant.PYTHON27(00000000,NI_DGRAM,00000010), ref: 011816BC
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SHUT_RD,00000000), ref: 011816C6
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SHUT_WR,00000001), ref: 011816D0
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SHUT_RDWR,00000002), ref: 011816DA
                                    • PyLong_FromUnsignedLong.PYTHON27(98000001), ref: 01181706
                                    • PyModule_AddObject.PYTHON27(00000000,?,00000000), ref: 0118171A
                                    • PyModule_AddIntConstant.PYTHON27(00000000,RCVALL_OFF,00000000), ref: 0118172F
                                    • PyModule_AddIntConstant.PYTHON27(00000000,RCVALL_ON,00000001), ref: 01181739
                                    • PyModule_AddIntConstant.PYTHON27(00000000,RCVALL_SOCKETLEVELONLY,00000002), ref: 01181743
                                    • PyModule_AddIntConstant.PYTHON27(00000000,RCVALL_MAX,00000003), ref: 0118174D
                                    • PyThread_allocate_lock.PYTHON27 ref: 01181752
                                    • PyOS_snprintf.PYTHON27(?,00000064,WSAStartup failed: error code %d,00000000), ref: 011821C2
                                    • PyErr_SetString.PYTHON27(?,?), ref: 011821D5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Module_$Constant$Object$Err_$Exception$Capsule_ExitFromInitLongLong_Module4S_snprintfStartupStringThread_allocate_lockUnsigned
                                    • String ID: AF_APPLETALK$AF_DECnet$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$CAPI$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_ICMP$IPPROTO_IP$IPPROTO_RAW$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RTHDR$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_DROP_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_RECVDSTADDR$IP_TOS$IP_TTL$Implementation module for socket operations.See the socket module for documentation.$MSG_CTRUNC$MSG_DONTROUTE$MSG_OOB$MSG_PEEK$MSG_TRUNC$NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket$_socket.CAPI$error$gaierror$has_ipv6$herror$socket$socket.error$socket.gaierror$socket.herror$socket.timeout$timeout
                                    • API String ID: 2774217726-2531213993
                                    • Opcode ID: 5ef96b691f4d5737f385ac22319dcd71525c266002243dd9e4fd4fb784584e85
                                    • Instruction ID: 83c21c641cd17fa22bfdddc1ad156f8ed34aea1ab7165d6b231d2d47d7dc4d2f
                                    • Opcode Fuzzy Hash: 5ef96b691f4d5737f385ac22319dcd71525c266002243dd9e4fd4fb784584e85
                                    • Instruction Fuzzy Hash: F4F138603C1B6876E13A76278C4BF9F39199FD2F05F12C118FA50395C2DBD95242CEAA
                                    APIs
                                      • Part of subcall function 011936E2: PyErr_SetString.PYTHON27(Recursive use of cursors not allowed.,01193762), ref: 011936F3
                                    • PyArg_ParseTuple.PYTHON27(?,011980F8,?,?), ref: 011937C3
                                    • PyErr_SetString.PYTHON27(1E1F35DC,operation parameter must be str or unicode), ref: 011937F0
                                    • PyArg_ParseTuple.PYTHON27(?,O|O,?,?), ref: 01193836
                                    • PyList_New.PYTHON27(00000000), ref: 01193858
                                    • PyTuple_New.PYTHON27(00000000), ref: 01193874
                                    • PyList_Append.PYTHON27(?,?), ref: 01193893
                                    • PyObject_GetIter.PYTHON27(?), ref: 011938D3
                                    • PyUnicodeUCS2_AsUTF8String.PYTHON27(?), ref: 01193907
                                    • PyString_AsString.PYTHON27(?), ref: 0119391B
                                    • PyTuple_New.PYTHON27(00000001), ref: 0119394E
                                    • PyTuple_SetItem.PYTHON27(?,00000000,?), ref: 01193977
                                    • _PyObject_New.PYTHON27(0119A010), ref: 011939EE
                                    • sqlite3_get_autocommit.SQLITE3(?), ref: 01193A41
                                    • PyErr_Occurred.PYTHON27 ref: 01193AA6
                                    • PyErr_Occurred.PYTHON27 ref: 01193B8F
                                    • PyEval_SaveThread.PYTHON27 ref: 01193C15
                                    • sqlite3_column_count.SQLITE3(?), ref: 01193C23
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 01193C2E
                                    • PyTuple_New.PYTHON27(?), ref: 01193C4E
                                    • PyTuple_New.PYTHON27(00000007), ref: 01193C72
                                    • sqlite3_column_name.SQLITE3(?,?), ref: 01193C8D
                                    • PyTuple_SetItem.PYTHON27(00000000,00000000,00000000,?,?), ref: 01193C9D
                                    • PyTuple_SetItem.PYTHON27(00000000,00000001), ref: 01193CB2
                                    • PyTuple_SetItem.PYTHON27(00000000,00000002), ref: 01193CC7
                                    • PyTuple_SetItem.PYTHON27(00000000,00000003), ref: 01193CDC
                                    • PyTuple_SetItem.PYTHON27(00000000,00000004), ref: 01193CF1
                                    • PyTuple_SetItem.PYTHON27(00000000,00000005), ref: 01193D06
                                    • PyTuple_SetItem.PYTHON27(00000000,00000006), ref: 01193D1B
                                    • PyTuple_SetItem.PYTHON27(?,?,00000000), ref: 01193D29
                                    • sqlite3_changes.SQLITE3(?), ref: 01193DA4
                                    • PyEval_SaveThread.PYTHON27 ref: 01193DCD
                                    • sqlite3_last_insert_rowid.SQLITE3(?), ref: 01193DDB
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 01193DEA
                                    • PyInt_FromLong.PYTHON27(?), ref: 01193DF5
                                    • PyIter_Next.PYTHON27(?), ref: 01193E35
                                    • PyErr_Occurred.PYTHON27 ref: 01193E4D
                                    • PyErr_Print.PYTHON27 ref: 01193E60
                                    • PyErr_Clear.PYTHON27 ref: 01193E80
                                      • Part of subcall function 011954F8: PyEval_SaveThread.PYTHON27(1E002A07,?,01191712), ref: 01195506
                                      • Part of subcall function 011954F8: sqlite3_reset.SQLITE3(?), ref: 01195511
                                      • Part of subcall function 011954F8: PyEval_RestoreThread.PYTHON27(00000000,?), ref: 01195519
                                    Strings
                                    • operation parameter must be str or unicode, xrefs: 011937E9
                                    • e, xrefs: 01193D5A
                                    • O|O, xrefs: 0119382E
                                    • Error while building row_cast_map, xrefs: 01193E88
                                    • executemany() can only execute DML statements., xrefs: 01193E98
                                    • You cannot execute SELECT statements in executemany()., xrefs: 01193B35
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Tuple_$Item$Err_$Eval_Thread$String$OccurredRestoreSave$Arg_List_Object_ParseTuple$AppendClearFromInt_IterIter_LongNextPrintString_Unicodesqlite3_changessqlite3_column_countsqlite3_column_namesqlite3_get_autocommitsqlite3_last_insert_rowidsqlite3_reset
                                    • String ID: Error while building row_cast_map$O|O$You cannot execute SELECT statements in executemany().$e$executemany() can only execute DML statements.$operation parameter must be str or unicode
                                    • API String ID: 3795589304-3612575075
                                    • Opcode ID: 6f7acd82c1ac2f91da035fb4ee7f6744be547af57b036d655970757d89f6d269
                                    • Instruction ID: f873477d572a4df34f84130a6561b21982ef364f95999ce777d885b4d08b39de
                                    • Opcode Fuzzy Hash: 6f7acd82c1ac2f91da035fb4ee7f6744be547af57b036d655970757d89f6d269
                                    • Instruction Fuzzy Hash: 18328C71624201DFCF2D9F28D888A5A7BF5FF09724B1544AAE939CB296D730D841CF91

                                    Control-flow Graph

                                    APIs
                                    • sqlite3_free.SQLITE3(?,?,0000021E,00000000), ref: 02D9B080
                                    • sqlite3_mutex_enter.SQLITE3(00000000), ref: 02D9B0AA
                                    • sqlite3_mutex_enter.SQLITE3(00000000), ref: 02D9B0BC
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02D9B141
                                    • sqlite3_free.SQLITE3(00000000), ref: 02D9B148
                                    • sqlite3_free.SQLITE3(00000000,?,0000021E,00000000), ref: 02D9B17E
                                    • sqlite3_free.SQLITE3(?,?,0000021E,00000000), ref: 02D9B185
                                    • sqlite3_mutex_leave.SQLITE3(00000000,?,0000021E,00000000), ref: 02D9B19A
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02D9B1AB
                                    • sqlite3_mutex_leave.SQLITE3(00000000), ref: 02D9B1B4
                                    • sqlite3_free.SQLITE3(00000000), ref: 02D9B1BB
                                    • _memset.LIBCMT ref: 02D9B1EF
                                    • sqlite3_mutex_enter.SQLITE3(00000000), ref: 02D9B343
                                    • sqlite3_mutex_leave.SQLITE3(00000000), ref: 02D9B35A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_freesqlite3_mutex_leave$sqlite3_mutex_enter$_memset
                                    • String ID: :memory:
                                    • API String ID: 2963990332-2920599690
                                    • Opcode ID: 2946ac183221577b0b7be188f5f6871366655b517cedfd0a15874ff7b118dbcd
                                    • Instruction ID: 31fa8bd6a55b168ed8a2b99d7859483240581bb836d205549c870f1a1c5e6a35
                                    • Opcode Fuzzy Hash: 2946ac183221577b0b7be188f5f6871366655b517cedfd0a15874ff7b118dbcd
                                    • Instruction Fuzzy Hash: D8D1CE71900245AFDF24EF64E884BAABBB5EF05318F15855AF8859B391D730ED84CFA0

                                    Control-flow Graph

                                    APIs
                                    • sqlite3_initialize.SQLITE3(?,02DC94CE,?,?,00000006,00000000), ref: 02DC9202
                                    • sqlite3_free.SQLITE3(00000000,?,?,?,02DC94CE,?,?,00000006,00000000), ref: 02DC9291
                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,02DC94CE,?,?,00000006,00000000), ref: 02DC92A2
                                    • sqlite3_vfs_find.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,02DC94CE,?,?,00000006,00000000), ref: 02DC930A
                                    • sqlite3_errcode.SQLITE3(00000000,00000000,00000000,00000000), ref: 02DC9455
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02DC9481
                                    • sqlite3_errcode.SQLITE3(00000000,?,?,?,02DC94CE,?,?,00000006,00000000), ref: 02DC9489
                                    • sqlite3_close.SQLITE3(00000000,?,?,?,02DC94CE,?,?,00000006,00000000), ref: 02DC9497
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_errcode$sqlite3_closesqlite3_freesqlite3_initializesqlite3_mutex_entersqlite3_mutex_leavesqlite3_vfs_find
                                    • String ID: BINARY$NOCASE$RTRIM$no such vfs: %s$temp
                                    • API String ID: 1832012192-322815486
                                    • Opcode ID: e5785ad02b0041580c6a2bcd09b533c837ea00b4f83b0b12758372ee4fa74450
                                    • Instruction ID: a56bdca321ba0e23263891b786055e860557847997faf19fd64d34ed178b7a7e
                                    • Opcode Fuzzy Hash: e5785ad02b0041580c6a2bcd09b533c837ea00b4f83b0b12758372ee4fa74450
                                    • Instruction Fuzzy Hash: 5171D5B1508349AFDB21AF24DC84FAB7BA9EB44364F20805DFC899B351D7719D44CEA0

                                    Control-flow Graph

                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8633
                                    • sqlite3_prepare.SQLITE3(00000000,?,000000FF,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8686
                                    • sqlite3_column_count.SQLITE3(?,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB86AD
                                    • sqlite3_step.SQLITE3(?,?,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB86BB
                                    • sqlite3_column_name.SQLITE3(?,00000000,?,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8722
                                    • sqlite3_column_text.SQLITE3(00000064,00000000), ref: 02DB8756
                                    • sqlite3_column_type.SQLITE3(00000064,00000000), ref: 02DB8769
                                    • sqlite3_errcode.SQLITE3(00000000,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB883C
                                    • sqlite3_errmsg.SQLITE3(00000000,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8850
                                    • sqlite3_errmsg.SQLITE3(00000000,00000001,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8871
                                    • sqlite3_mutex_leave.SQLITE3(?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB88A5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_errmsg$sqlite3_column_countsqlite3_column_namesqlite3_column_textsqlite3_column_typesqlite3_errcodesqlite3_mutex_entersqlite3_mutex_leavesqlite3_preparesqlite3_step
                                    • String ID: d
                                    • API String ID: 2051246133-2564639436
                                    • Opcode ID: f979abb0abaedf154195586ec04f4592c3fc313a98720b6ab9d0ebaeb31dbe7e
                                    • Instruction ID: bb36628d2b929bbdb570bc32cc3eb34091b4cb8bdd9553eed1ca007f89c93b81
                                    • Opcode Fuzzy Hash: f979abb0abaedf154195586ec04f4592c3fc313a98720b6ab9d0ebaeb31dbe7e
                                    • Instruction Fuzzy Hash: DA817D31408341DBCB12DF28D85499EBBEAEF84754F10491EF89696390D731CD45DFA2

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 02D99F9A: sqlite3_mutex_try.SQLITE3(?,02D9C322,?,?,?,?,00000000,02DA21D6,?,?,?,02DA1C88,?,00000000,?,02DA0AB7), ref: 02D99FAF
                                    • sqlite3_exec.SQLITE3(00000000,00000000,Function_0002A6AF,?,00000000,SELECT name, rootpage, sql FROM '%q'.%s,?,00000000,?,?,00000000,00000001), ref: 02DBAA0A
                                    Strings
                                    • sqlite_master, xrefs: 02DBA7F3
                                    • SELECT name, rootpage, sql FROM '%q'.%s, xrefs: 02DBA9E1
                                    • sqlite_temp_master, xrefs: 02DBA7E5
                                    • unsupported file format, xrefs: 02DBA9B9
                                    • CREATE TABLE sqlite_master( type text, name text, tbl_name text, rootpage integer, sql text), xrefs: 02DBA7EE
                                    • attached databases must use the same text encoding as main database, xrefs: 02DBA92C
                                    • CREATE TEMP TABLE sqlite_temp_master( type text, name text, tbl_name text, rootpage integer, sql text), xrefs: 02DBA7E0
                                    • BINARY, xrefs: 02DBA908
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_execsqlite3_mutex_try
                                    • String ID: BINARY$CREATE TABLE sqlite_master( type text, name text, tbl_name text, rootpage integer, sql text)$CREATE TEMP TABLE sqlite_temp_master( type text, name text, tbl_name text, rootpage integer, sql text)$SELECT name, rootpage, sql FROM '%q'.%s$attached databases must use the same text encoding as main database$sqlite_master$sqlite_temp_master$unsupported file format
                                    • API String ID: 1610208162-1796188395
                                    • Opcode ID: 671cb0afb84792181dea489f1eadf808af36cfec95214a8643e474f587beeb07
                                    • Instruction ID: 5da3334f9d8fb3827ac4069892849075e6250a822266d3fd679cbca1a899184c
                                    • Opcode Fuzzy Hash: 671cb0afb84792181dea489f1eadf808af36cfec95214a8643e474f587beeb07
                                    • Instruction Fuzzy Hash: E6A18C70A04205EFDF22CF58C490AEDBBB1EF49324F25849AE84A9B351D731EE45CB60

                                    Control-flow Graph

                                    APIs
                                    • PyArg_ParseTuple.PYTHON27 ref: 0118345E
                                    • PyEval_SaveThread.PYTHON27 ref: 0118347B
                                    • send.WS2_32(?,?,?,?), ref: 011834A5
                                    • PyEval_RestoreThread.PYTHON27(?), ref: 011834B8
                                    • PyBuffer_Release.PYTHON27(?), ref: 011834C3
                                    • PyErr_SetString.PYTHON27(036A9930,timed out), ref: 011834DD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Arg_Buffer_Err_ParseReleaseRestoreSaveStringTuplesend
                                    • String ID: s*|i:send$timed out
                                    • API String ID: 3585341661-1224686747
                                    • Opcode ID: 5eaf47982bced67d709cf9d718b32752ccd231726d051d2f8b23ce9b54909c6d
                                    • Instruction ID: b67de5499a27ee0c97869d2ad479e32601a19272e843f19a58c8cdf85d61ef2c
                                    • Opcode Fuzzy Hash: 5eaf47982bced67d709cf9d718b32752ccd231726d051d2f8b23ce9b54909c6d
                                    • Instruction Fuzzy Hash: DF2148765043019BC714EF58EC4496FB7A9FBC0261F048929F96187201E336E849CBE3

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 01182C51: PyErr_SetString.PYTHON27(036A9748,getsockaddrlen: bad family,01185268,?,?), ref: 01182C72
                                    • memset.MSVCR90 ref: 01185616
                                    • PyEval_SaveThread.PYTHON27(?,00000000,?), ref: 0118561E
                                    • accept.WS2_32(?,?,?), ref: 01185647
                                      • Part of subcall function 01183A4E: PyType_GenericNew.PYTHON27(01189AD8,00000000,00000000,?,011856A3,?,?,?,?), ref: 01183A58
                                    • PyEval_RestoreThread.PYTHON27(?), ref: 01185654
                                    • PyErr_SetString.PYTHON27(036A9930,timed out), ref: 0118566E
                                    • closesocket.WS2_32 ref: 011856AD
                                    • PyTuple_Pack.PYTHON27(00000002,00000000,00000000), ref: 011856DA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_Eval_StringThread$GenericPackRestoreSaveTuple_Type_acceptclosesocketmemset
                                    • String ID: timed out
                                    • API String ID: 1659005268-3163636755
                                    • Opcode ID: c5953c577a3343596c6c6b8542dab1d784863deb4c8bcd9c98a29c172de397dc
                                    • Instruction ID: c23c99061d35389e79e51432273daf0665998800938ee436cd08b3f0490cfa48
                                    • Opcode Fuzzy Hash: c5953c577a3343596c6c6b8542dab1d784863deb4c8bcd9c98a29c172de397dc
                                    • Instruction Fuzzy Hash: 6831AB765002019BD324EB58EC8496BB3E9EBC4235F148729F96983281E735D855CBA2

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyArg_ParseTuple.PYTHON27(?,011973F4,?), ref: 0119293C
                                      • Part of subcall function 0119220A: PyList_New.PYTHON27(00000000,?,?,01192952), ref: 01192222
                                      • Part of subcall function 0119220A: PyList_Size.PYTHON27(?,?,?,01192952), ref: 01192233
                                      • Part of subcall function 0119220A: PyList_GetItem.PYTHON27(?,00000000,?,01192952), ref: 01192242
                                      • Part of subcall function 0119220A: PyWeakref_GetObject.PYTHON27(00000000), ref: 0119224B
                                      • Part of subcall function 0119220A: PyList_Append.PYTHON27(00000000,00000000), ref: 0119225E
                                      • Part of subcall function 0119220A: PyList_Size.PYTHON27(?), ref: 0119226E
                                    • _PyObject_New.PYTHON27(0119A010), ref: 01192957
                                      • Part of subcall function 01194E8A: PyString_AsString.PYTHON27(00000000), ref: 01194EC9
                                      • Part of subcall function 01194E8A: PyEval_SaveThread.PYTHON27 ref: 01194ED2
                                      • Part of subcall function 01194E8A: sqlite3_prepare.SQLITE3(?,?,000000FF,0000000C,00000000), ref: 01194EE8
                                      • Part of subcall function 01194E8A: PyEval_RestoreThread.PYTHON27(00000000,?,?,000000FF,0000000C,00000000), ref: 01194EF3
                                      • Part of subcall function 01194E8A: sqlite3_finalize.SQLITE3(0000000C), ref: 01194F16
                                    • PyErr_SetString.PYTHON27(SQL is of wrong type. Must be string or unicode.), ref: 01192997
                                      • Part of subcall function 011954F8: PyEval_SaveThread.PYTHON27(1E002A07,?,01191712), ref: 01195506
                                      • Part of subcall function 011954F8: sqlite3_reset.SQLITE3(?), ref: 01195511
                                      • Part of subcall function 011954F8: PyEval_RestoreThread.PYTHON27(00000000,?), ref: 01195519
                                      • Part of subcall function 0119566A: sqlite3_reset.SQLITE3(00000000,01191C05), ref: 01195675
                                      • Part of subcall function 0119566A: sqlite3_errcode.SQLITE3(?,?,01191C05), ref: 0119567D
                                    • PyWeakref_NewRef.PYTHON27(00000000,00000000), ref: 011929D0
                                    • PyList_Append.PYTHON27(?,00000000), ref: 011929E2
                                    Strings
                                    • You can only execute one statement at a time., xrefs: 0119298C
                                    • SQL is of wrong type. Must be string or unicode., xrefs: 011929A5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: List_$Eval_Thread$Err_String$AppendRestoreSaveSizeThread_get_thread_identWeakref_sqlite3_reset$Arg_FormatItemObjectObject_ParseString_Tuplesqlite3_errcodesqlite3_finalizesqlite3_prepare
                                    • String ID: SQL is of wrong type. Must be string or unicode.$You can only execute one statement at a time.
                                    • API String ID: 952306608-3997469701
                                    • Opcode ID: 854ca21c527ab7eecb131fa1a896cdb69358a66e9c6bdde5bed4ffbdc6f52ba0
                                    • Instruction ID: 20c35681d6b9f672a4949e4f72c8e8df476cd3dc36e56294c7c0633a936bed60
                                    • Opcode Fuzzy Hash: 854ca21c527ab7eecb131fa1a896cdb69358a66e9c6bdde5bed4ffbdc6f52ba0
                                    • Instruction Fuzzy Hash: A121B132604212BFDF6C9F29EC44A597BA4FF042A1714466AE939D7181FB30DC809BA5

                                    Control-flow Graph

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast$connectselect
                                    • String ID:
                                    • API String ID: 3361657481-0
                                    • Opcode ID: 383edee48a5b5855b11954d62191b2afa288a48c23eb7bfb4b38d4a0319ddf1d
                                    • Instruction ID: 8d7188d17bd9335aaa2e52da8c4c485fbd61a8f97785e770580e37e1b55e8d7c
                                    • Opcode Fuzzy Hash: 383edee48a5b5855b11954d62191b2afa288a48c23eb7bfb4b38d4a0319ddf1d
                                    • Instruction Fuzzy Hash: 4F4170756083029FD729EF69D844AAFB7E5FBC8314F00892DE99AC3240E774A549CF52

                                    Control-flow Graph

                                    APIs
                                    • DeleteFileW.KERNEL32(00000000), ref: 02D95E27
                                    • GetFileAttributesW.KERNEL32(00000000), ref: 02D95E2E
                                    • GetLastError.KERNEL32 ref: 02D95E3B
                                    • Sleep.KERNEL32(00000064), ref: 02D95E50
                                    • DeleteFileA.KERNEL32(00000000), ref: 02D95E59
                                    • GetFileAttributesA.KERNEL32(00000000), ref: 02D95E60
                                    • GetLastError.KERNEL32 ref: 02D95E6D
                                    • Sleep.KERNEL32(00000064), ref: 02D95E82
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: File$AttributesDeleteErrorLastSleep
                                    • String ID:
                                    • API String ID: 2316142864-0
                                    • Opcode ID: 53bcd30fcf9733e23be05b9b4f9c089c10863ad4743f29b28cf549259744a035
                                    • Instruction ID: cb58f0b62940a2366e59fd269090a7d798df2ad99c0e82afb8190be5c436493d
                                    • Opcode Fuzzy Hash: 53bcd30fcf9733e23be05b9b4f9c089c10863ad4743f29b28cf549259744a035
                                    • Instruction Fuzzy Hash: 9D11C2369856059ECF223670B8C873E376DDB46671FE10A34FA67D63C0DB234C5589A1

                                    Control-flow Graph

                                    APIs
                                    • PyArg_ParseTuple.PYTHON27 ref: 011839AC
                                    • PyErr_SetString.PYTHON27(?,negative buffersize in recv,?,?,?,?), ref: 011839CE
                                    • PyString_FromStringAndSize.PYTHON27(00000000,?,?,?,?,?), ref: 011839E0
                                    • _PyString_Resize.PYTHON27(?,?,?,?,?,?,?,?,?,?,?,?), ref: 01183A3A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: StringString_$Arg_Err_FromParseResizeSizeTuple
                                    • String ID: i|i:recv$negative buffersize in recv
                                    • API String ID: 1940759811-755570985
                                    • Opcode ID: 533af367fa009dfcacbd8f2eacc7d8ad4b02aa9cb30d9cf155682a25e18ff62f
                                    • Instruction ID: 4d3339e597a99804101b34df62c0b0bd27f05f9d64a9be1e949156805fe292b0
                                    • Opcode Fuzzy Hash: 533af367fa009dfcacbd8f2eacc7d8ad4b02aa9cb30d9cf155682a25e18ff62f
                                    • Instruction Fuzzy Hash: 74215E70614201AFD708FB14DC85E2B77E8BF84B05F44C828E999C7202F735D959CBA2

                                    Control-flow Graph

                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,iii:setsockopt,?,?,?), ref: 01182B96
                                    • setsockopt.WS2_32(?,?,?,?,?), ref: 01182BCB
                                    • PyErr_Clear.PYTHON27 ref: 01182BE0
                                    • PyArg_ParseTuple.PYTHON27(?,iis#:setsockopt,?,?,?,?), ref: 01182C00
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_ParseTuple$ClearErr_setsockopt
                                    • String ID: iii:setsockopt$iis#:setsockopt
                                    • API String ID: 4279889580-3593983973
                                    • Opcode ID: 98336c5e1a01c6462bde21b06edc55c67a67f6abbf827ee2221b1a939cac92dc
                                    • Instruction ID: b9a3610b47e03b3a6a546ad8578629e4ced9eedfa296e8de64f28cc94064c9a1
                                    • Opcode Fuzzy Hash: 98336c5e1a01c6462bde21b06edc55c67a67f6abbf827ee2221b1a939cac92dc
                                    • Instruction Fuzzy Hash: D5115EB6204201AFC308EF19C880D9B77E8BFD8604F44896DF58593212E730E549CBA2

                                    Control-flow Graph

                                    APIs
                                    • PyUnicodeUCS2_AsUTF8String.PYTHON27(?,00000000), ref: 01194EB6
                                    • PyString_AsString.PYTHON27(00000000), ref: 01194EC9
                                    • PyEval_SaveThread.PYTHON27 ref: 01194ED2
                                    • sqlite3_prepare.SQLITE3(?,?,000000FF,0000000C,00000000), ref: 01194EE8
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,?,000000FF,0000000C,00000000), ref: 01194EF3
                                    • sqlite3_finalize.SQLITE3(0000000C), ref: 01194F16
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_StringThread$RestoreSaveString_Unicodesqlite3_finalizesqlite3_prepare
                                    • String ID:
                                    • API String ID: 4260218099-0
                                    • Opcode ID: 8dcd80bc001a297060a66b4e953706aad874966123b76732dd23b1203978884e
                                    • Instruction ID: 3072e7b6a11c2927bbbc136d0dd02e96097c98a34558dca112aa0cb411de8f32
                                    • Opcode Fuzzy Hash: 8dcd80bc001a297060a66b4e953706aad874966123b76732dd23b1203978884e
                                    • Instruction Fuzzy Hash: A4119371804306EFEF28DF68D908B9EBBB5FF04315F204669E832A6595D7349A41CF50

                                    Control-flow Graph

                                    APIs
                                    • sqlite3_exec.SQLITE3(?,?,Function_0002A6AF), ref: 02DA80F9
                                      • Part of subcall function 02DB8603: sqlite3_mutex_enter.SQLITE3(?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8633
                                      • Part of subcall function 02DB8603: sqlite3_prepare.SQLITE3(00000000,?,000000FF,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8686
                                      • Part of subcall function 02DB8603: sqlite3_column_count.SQLITE3(?,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB86AD
                                      • Part of subcall function 02DB8603: sqlite3_step.SQLITE3(?,?,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB86BB
                                      • Part of subcall function 02DB8603: sqlite3_column_name.SQLITE3(?,00000000,?,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8722
                                    Strings
                                    • sqlite_master, xrefs: 02DA8083
                                    • out of memory, xrefs: 02DA4C78
                                    • SELECT name, rootpage, sql FROM '%q'.%s WHERE %s, xrefs: 02DA80B9
                                    • sqlite_temp_master, xrefs: 02DA8074
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_column_countsqlite3_column_namesqlite3_execsqlite3_mutex_entersqlite3_preparesqlite3_step
                                    • String ID: SELECT name, rootpage, sql FROM '%q'.%s WHERE %s$out of memory$sqlite_master$sqlite_temp_master
                                    • API String ID: 1372625717-2794900203
                                    • Opcode ID: fc5dd050df72404053c74e021084b863547ebd1140286a9bd02d33176ec1f1a2
                                    • Instruction ID: 65ccf27f85a0d31a614542a5fa8cfb0d89613f03b5f06ce17712ac72c4b2eb48
                                    • Opcode Fuzzy Hash: fc5dd050df72404053c74e021084b863547ebd1140286a9bd02d33176ec1f1a2
                                    • Instruction Fuzzy Hash: 00415871D00658DBEB258FA4C894B9DBBB1EF04304F1081DAE959AB350D775AE85CFA0

                                    Control-flow Graph

                                    APIs
                                    • PyArg_ParseTupleAndKeywords.PYTHON27 ref: 01183813
                                    • PyEval_SaveThread.PYTHON27(?,?,?,?,?,?,?,?), ref: 01183829
                                    • socket.WS2_32(?,?,?), ref: 01183840
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,?,?,?,?,?,?,?), ref: 01183849
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Arg_KeywordsParseRestoreSaveTuplesocket
                                    • String ID: |iii:socket
                                    • API String ID: 1982795424-891150601
                                    • Opcode ID: 3c99d254521e6405e8e11d1cc244f23a6c5d64df4ec7eea9f8d7e463940f581a
                                    • Instruction ID: 774699250fa1e6a8f232c20f5210eacfe0862e84463e5c90f957e4bc019de958
                                    • Opcode Fuzzy Hash: 3c99d254521e6405e8e11d1cc244f23a6c5d64df4ec7eea9f8d7e463940f581a
                                    • Instruction Fuzzy Hash: E41163B55143016FD304EF58D844E6FB7E8BBC4628F448A1CF8A883281E330D949CB92
                                    APIs
                                    • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 02D95569
                                    • GetLastError.KERNEL32 ref: 02D9557A
                                    • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 02D95599
                                    • GetLastError.KERNEL32 ref: 02D955A3
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorFileLast$PointerRead
                                    • String ID:
                                    • API String ID: 2170121939-0
                                    • Opcode ID: 38bb09fb10bd9fcb6da62b02cf8d6691a20d36ed56c66f8dae75c7f7403437c7
                                    • Instruction ID: 5ffe1f1d4789dd72aeffbd6e214e89b65754eff1130f443ae114dee81e55ee30
                                    • Opcode Fuzzy Hash: 38bb09fb10bd9fcb6da62b02cf8d6691a20d36ed56c66f8dae75c7f7403437c7
                                    • Instruction Fuzzy Hash: F1112172600209FBDF418E69EC45BAA77A9FF04360F908625F925D6381D771DD10CBA0
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?), ref: 02DA3994
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DA39F0
                                      • Part of subcall function 02DBAFC5: sqlite3_sql.SQLITE3(?,?,?,00000000,?,?,02DA39BC), ref: 02DBAFCF
                                    • sqlite3_reset.SQLITE3(?), ref: 02DA39C3
                                      • Part of subcall function 02DA34B7: sqlite3_mutex_enter.SQLITE3(?), ref: 02DA34CA
                                      • Part of subcall function 02DA34B7: sqlite3_mutex_leave.SQLITE3(?), ref: 02DA34F9
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02DA3A33
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_resetsqlite3_sqlsqlite3_value_text
                                    • String ID:
                                    • API String ID: 555461638-0
                                    • Opcode ID: 74d2556b23326e4d1f9e0c2a035d1ad0afb5f7bc95a18ea098a2111fcf5c8069
                                    • Instruction ID: a0d94d9ddc3486ea0893a6410fa76d5affedb34b04ac8ac70d7cd4581b338d05
                                    • Opcode Fuzzy Hash: 74d2556b23326e4d1f9e0c2a035d1ad0afb5f7bc95a18ea098a2111fcf5c8069
                                    • Instruction Fuzzy Hash: 0A2146722087516BEB216A689894F6AB7E7EF44324F10044AF81587781EB79EC54CBA2
                                    APIs
                                    • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 02D95602
                                    • GetLastError.KERNEL32 ref: 02D9560F
                                    • GetLastError.KERNEL32 ref: 02D95657
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast$FilePointer
                                    • String ID:
                                    • API String ID: 1156039329-0
                                    • Opcode ID: 4775d8e27c990f94eb86a08cc0886d49ee35309159177f4ee6d1eb7275abbf0c
                                    • Instruction ID: 1d92cb0e04f63b1313cd547aa727b0eba687029aa308c16c78251bdfd8a0e9ee
                                    • Opcode Fuzzy Hash: 4775d8e27c990f94eb86a08cc0886d49ee35309159177f4ee6d1eb7275abbf0c
                                    • Instruction Fuzzy Hash: 34119432940649EFCF128FE4EC449AE77F9FB44360BA44A2AF526C2240E3719E51DF50
                                    APIs
                                    • sqlite3_free.SQLITE3(?,?,000000FF,00000000), ref: 02DC7E71
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_free
                                    • String ID: interrupt$unrecognized token: "%T"
                                    • API String ID: 2313487548-1292477928
                                    • Opcode ID: 1d801b52a731b244b2797e881b1605832c25adc6f5995401de2e1c4f8d85c97e
                                    • Instruction ID: 7a57341f3444495cc6af72c51ba2ba8d00ddd4609414046d022c1f6834a45316
                                    • Opcode Fuzzy Hash: 1d801b52a731b244b2797e881b1605832c25adc6f5995401de2e1c4f8d85c97e
                                    • Instruction Fuzzy Hash: 86A15D71504643AFEB25DF24C884B9AFBA9FF48314F24495DE8985B391C730AD54CFA1
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?), ref: 02DBAF60
                                    • sqlite3_finalize.SQLITE3(?,?,02DBAFEB,00000000,000000FF,00000000,?,00000000), ref: 02DBAF8F
                                    • sqlite3_mutex_leave.SQLITE3(?,?,02DBAFEB,00000000,000000FF,00000000,?,00000000), ref: 02DBAFB8
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_finalizesqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 3026522489-0
                                    • Opcode ID: aff08364a05b2023485f7060725ff5138416441f3faabde39ee8cdcf9c957432
                                    • Instruction ID: 680346cc0d966e5d9b79668b6ee3f0dc16ab10e4f6e89623cb6079dc730ccb65
                                    • Opcode Fuzzy Hash: aff08364a05b2023485f7060725ff5138416441f3faabde39ee8cdcf9c957432
                                    • Instruction Fuzzy Hash: 4D016933004206BBDF132E94EC46DEA7B6AEF49360F200029FA1845260DB769C70ABA1
                                    APIs
                                    • PyEval_SaveThread.PYTHON27(?,011836A8,?,00000000), ref: 01182D31
                                    • ioctlsocket.WS2_32(?,8004667E,?), ref: 01182D58
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,011836A8,?,00000000), ref: 01182D5F
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$RestoreSaveioctlsocket
                                    • String ID:
                                    • API String ID: 1965457360-0
                                    • Opcode ID: 64ec19ff343c38051957806f5be12728e3d3cecf417c1ec4619a069feef865ce
                                    • Instruction ID: efcfbd71149fd2881b8890e1a51fcd36b8961c8fb65a9181184439f222183017
                                    • Opcode Fuzzy Hash: 64ec19ff343c38051957806f5be12728e3d3cecf417c1ec4619a069feef865ce
                                    • Instruction Fuzzy Hash: A5E04F714042109FC314DB24E84888FBBA4AB84211F00C938F459C7209E63899D5CB96
                                    APIs
                                    • PyEval_SaveThread.PYTHON27(00000000,?,01191BBC,?), ref: 01195649
                                    • sqlite3_step.SQLITE3(?), ref: 01195655
                                    • PyEval_RestoreThread.PYTHON27(00000000,?), ref: 0119565D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$RestoreSavesqlite3_step
                                    • String ID:
                                    • API String ID: 3721917863-0
                                    • Opcode ID: b2408dd1e12e6efe8f098b04a9db93728d1b5472ea66401d4ef8cb3c069bc5de
                                    • Instruction ID: ec8e94cf819c2916067aaa46eeaa5fa2d9d0e27df93a238505776aa8938b101e
                                    • Opcode Fuzzy Hash: b2408dd1e12e6efe8f098b04a9db93728d1b5472ea66401d4ef8cb3c069bc5de
                                    • Instruction Fuzzy Hash: 4AD05E325182109F9B1A1E79BC0844ABBDAEEC9161718853BF530D2144DA3184424B95
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: invalid rootpage
                                    • API String ID: 0-1762523506
                                    • Opcode ID: 1d947874e654e9a81d3be1f14407b024a2d7eb5e01bd4891d9862242ff4ec2a7
                                    • Instruction ID: b48344895e4deb06b6e03f73f768e8a416aa986dcdc1b28b15c1217bc702396c
                                    • Opcode Fuzzy Hash: 1d947874e654e9a81d3be1f14407b024a2d7eb5e01bd4891d9862242ff4ec2a7
                                    • Instruction Fuzzy Hash: EE31B2B6508542FFDB269F64C8B08AAB7F9EF04214724446EE54697B10EB31EC41DB90
                                    APIs
                                      • Part of subcall function 02D95AE7: sqlite3_snprintf.SQLITE3(000000E6,?,02DDA2A8,00000000), ref: 02D95B0D
                                      • Part of subcall function 02D95AE7: sqlite3_snprintf.SQLITE3(000000E7,?,%s\etilqs_,00000000), ref: 02D95BB8
                                      • Part of subcall function 02D95AE7: sqlite3_randomness.SQLITE3(00000014,00000000,000000E7,?,%s\etilqs_,00000000), ref: 02D95BCC
                                    • CreateFileW.KERNEL32(?,?,00000003,00000000,?,?,00000000), ref: 02D95D63
                                    • CreateFileA.KERNEL32(?,?,00000003,00000000,?,?,00000000), ref: 02D95D6B
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: CreateFilesqlite3_snprintf$sqlite3_randomness
                                    • String ID:
                                    • API String ID: 766419126-0
                                    • Opcode ID: 7e04e85a281a3a0e5df75658acf10d19de8faf24c268f58f75cbfa32eb178fc5
                                    • Instruction ID: 387a60bfb664412fe0cb4e175bb2acfe8b88d04d94a7f69eb597aae094d2689d
                                    • Opcode Fuzzy Hash: 7e04e85a281a3a0e5df75658acf10d19de8faf24c268f58f75cbfa32eb178fc5
                                    • Instruction Fuzzy Hash: AA31B172A047029BEB219F28EC05B5A7BE1EF84364F444929FD94963D0E731CD54DBA1
                                    APIs
                                    • GetFileAttributesW.KERNEL32(00000000), ref: 02D95ECD
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: AttributesFile
                                    • String ID:
                                    • API String ID: 3188754299-0
                                    • Opcode ID: 480e22678917f7481aabbd45a5ba0ed588776004a84e7954f7ac349bbfaafdc9
                                    • Instruction ID: 9d7219f470181f030f69f5c15e92e43d8cfd782087e795477bedc3523dd6385b
                                    • Opcode Fuzzy Hash: 480e22678917f7481aabbd45a5ba0ed588776004a84e7954f7ac349bbfaafdc9
                                    • Instruction Fuzzy Hash: 22F0963B7096128F8F125FB4B8C456AA799DB84264BD50639F952DA380DF61CC05C5B4
                                    APIs
                                    • sqlite3_mutex_leave.SQLITE3(2E8B2446,02D96B90,2E8B2446,02D987A4,?,00000000,02D97A15,?,000000FF), ref: 02D96ADF
                                    • sqlite3_mutex_enter.SQLITE3(2E8B2446,2E8B2446,02D96B90,2E8B2446,02D987A4,?,00000000,02D97A15,?,000000FF), ref: 02D96AF2
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 1477753154-0
                                    • Opcode ID: 1f16c7ac249fac3111bfffdfd8082643886e5b395d4479269950bb9feafaa5e6
                                    • Instruction ID: ffed04be5bcbbbb93b8def0795c00e86e83fa51e75e16ab5ba991dfcffc85117
                                    • Opcode Fuzzy Hash: 1f16c7ac249fac3111bfffdfd8082643886e5b395d4479269950bb9feafaa5e6
                                    • Instruction Fuzzy Hash: 95F09A32F44150EBDF247A74B828A2A239AEB40700B14492DFD45EB344EF32DC218FA0
                                    APIs
                                    • getaddrinfo.WS2_32(?,?,00000000,?,?,011845F0,?,00000000,?,?), ref: 011840C2
                                    • WSASetLastError.WS2_32(00000000), ref: 011840C7
                                      • Part of subcall function 01183ED4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 01183F23
                                      • Part of subcall function 01183ED4: strcpy_s.MSVCR90 ref: 01183F4D
                                      • Part of subcall function 01183ED4: strcat_s.MSVCR90 ref: 01183F64
                                      • Part of subcall function 01183ED4: LoadLibraryA.KERNEL32(?), ref: 01183F74
                                      • Part of subcall function 01183ED4: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 01183F82
                                      • Part of subcall function 01183ED4: FreeLibrary.KERNEL32(00000000), ref: 01183F8D
                                      • Part of subcall function 01183ED4: strcpy_s.MSVCR90 ref: 01183FA5
                                      • Part of subcall function 01183ED4: strcat_s.MSVCR90 ref: 01183FB6
                                      • Part of subcall function 01183ED4: LoadLibraryA.KERNEL32(?), ref: 01183FC0
                                      • Part of subcall function 01183ED4: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 01183FCE
                                      • Part of subcall function 01183ED4: FreeLibrary.KERNEL32(00000000), ref: 01183FD9
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Library$AddressFreeLoadProcstrcat_sstrcpy_s$DirectoryErrorLastSystemgetaddrinfo
                                    • String ID:
                                    • API String ID: 3459095691-0
                                    • Opcode ID: 629625a0da992d8b6185b9d43b2f7423e8c4f1cd761a4bb8f7ff2b2ad7f1d49d
                                    • Instruction ID: 0b7ac5426d60e827290624df067b717bc37d121493d0dfaf0ee90307eee50559
                                    • Opcode Fuzzy Hash: 629625a0da992d8b6185b9d43b2f7423e8c4f1cd761a4bb8f7ff2b2ad7f1d49d
                                    • Instruction Fuzzy Hash: B6E012B1208211AF8228EB68E984D6BB3E9AFC8610B04892DB465C3644DB30D841CBA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: CloseHandleSleep
                                    • String ID:
                                    • API String ID: 252777609-0
                                    • Opcode ID: fd380bd41784fbcd3dcf0a1ab658021b8247ba3f42646089942aa230777538dc
                                    • Instruction ID: 2d2bf2b521c7c5b4511d80873059a2ab1880a8dc97b39923dbed9f10bb1ea824
                                    • Opcode Fuzzy Hash: fd380bd41784fbcd3dcf0a1ab658021b8247ba3f42646089942aa230777538dc
                                    • Instruction Fuzzy Hash: E4E072330046018ECB004EB8FC80A6A338EEF491347E40A20F26AC2380C330DC028660
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memset
                                    • String ID:
                                    • API String ID: 2102423945-0
                                    • Opcode ID: 59f8c5de90edd9c03b4182776c5a154736f83eb6268cb06f7119a67885cf9483
                                    • Instruction ID: 6149690860317ca3906a8eaf390ffa54df7c8812dbec343fad1ac2e26e1d19ca
                                    • Opcode Fuzzy Hash: 59f8c5de90edd9c03b4182776c5a154736f83eb6268cb06f7119a67885cf9483
                                    • Instruction Fuzzy Hash: F54128716007019FDF219F25D984B62B7FCEF48668B108929F849C7BA1E732E895CF90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 627f420bcd99ce912fde89d17e582341e10aa1f933d354189ea816d937d3e310
                                    • Instruction ID: 6a38966dcf553c2e4ffdafb6e699ca5796dcbe5c603cf36c6ad121db488a9c58
                                    • Opcode Fuzzy Hash: 627f420bcd99ce912fde89d17e582341e10aa1f933d354189ea816d937d3e310
                                    • Instruction Fuzzy Hash: 4D31B032900210EBCF22AE64C8A07DD77A6EB46760F1541AAFC54AB381D772DD41CBE5
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_free
                                    • String ID:
                                    • API String ID: 2313487548-0
                                    • Opcode ID: 3105269fbb873752a4e33758aff2eed65259dcd110e89089dec776172558f668
                                    • Instruction ID: 6ccbace5a3f98d8c45def0556d6a1dbd1e2f4caea5cfea447515e6007f0abb61
                                    • Opcode Fuzzy Hash: 3105269fbb873752a4e33758aff2eed65259dcd110e89089dec776172558f668
                                    • Instruction Fuzzy Hash: CE21C731544B829ECB22DF79C854B9AF7D5AF80324F34C92ED46AD7391E6719940DF10
                                    APIs
                                    • select.WS2_32(?,00000001,00000000,00000000,?), ref: 01182D1B
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: select
                                    • String ID:
                                    • API String ID: 1274211008-0
                                    • Opcode ID: eb7d4d926decbe4d2ce51fe03ef9f0d435cdc341a863c5c0e1821d4bb849d069
                                    • Instruction ID: fd226bab1f4232d0cd0182b981af117d9d28e80b7986b431858acd0fff12a0a5
                                    • Opcode Fuzzy Hash: eb7d4d926decbe4d2ce51fe03ef9f0d435cdc341a863c5c0e1821d4bb849d069
                                    • Instruction Fuzzy Hash: 52019E305047019BE329EF38D9197EBBBE8FB85B14F508A2DA4D5821D0E7B59489CB82
                                    APIs
                                    • HeapCreate.KERNEL32(00000000,00001000,00000000,?,02DCA365,00000001,?,?,?,02DCA4DE,?,?,?,02DDD5A0,0000000C,02DCA599), ref: 02DCA831
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: CreateHeap
                                    • String ID:
                                    • API String ID: 10892065-0
                                    • Opcode ID: d587c018bc6a9eba98564cec4aa5a59140d04e1d0092aa966a33b78add3158b7
                                    • Instruction ID: a0116c3f9ae986a3077fa67e55cf191f404ddbf86c6bc4393f2307f2bfc65096
                                    • Opcode Fuzzy Hash: d587c018bc6a9eba98564cec4aa5a59140d04e1d0092aa966a33b78add3158b7
                                    • Instruction Fuzzy Hash: 32D05E36A9834AAAEB106E747C08B723BDC9788395F14483AF81CCA280F770CD60C580
                                    APIs
                                    • _malloc.LIBCMT ref: 02D925A3
                                      • Part of subcall function 02DC9D92: __FF_MSGBANNER.LIBCMT ref: 02DC9DB5
                                      • Part of subcall function 02DC9D92: __NMSG_WRITE.LIBCMT ref: 02DC9DBC
                                      • Part of subcall function 02DC9D92: RtlAllocateHeap.NTDLL(00000000,?,00000000,7622DF80,00000001,?,02D954C7,00000000), ref: 02DC9E09
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: AllocateHeap_malloc
                                    • String ID:
                                    • API String ID: 501242067-0
                                    • Opcode ID: 6b05a19bae214c44c18d138607eb7d8807d29c41088667a08cb099aeaa305a5b
                                    • Instruction ID: b0c4a9aea0d0e76357a7d760a1a7a14ad6608b96d55961fcdec4085e5f505213
                                    • Opcode Fuzzy Hash: 6b05a19bae214c44c18d138607eb7d8807d29c41088667a08cb099aeaa305a5b
                                    • Instruction Fuzzy Hash: 34D02EB2A06A221B8B089A2CEC3029A27C49F4522431AC52DE819E7390D621EC038B90
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: closesocket
                                    • String ID:
                                    • API String ID: 2781271927-0
                                    • Opcode ID: 8c8e856f7b5324e01370e6d76315dcb03d449181d241188f84327b21e5917298
                                    • Instruction ID: c624110f481cd564f07d8873cf6d9eb30debbef7064813c5fb6a0ef7d9c6ac42
                                    • Opcode Fuzzy Hash: 8c8e856f7b5324e01370e6d76315dcb03d449181d241188f84327b21e5917298
                                    • Instruction Fuzzy Hash: E0D0A7311006104FC6189718E84889A33D46F45330F094568F46A93390C334FC81CB41
                                    APIs
                                    • PyEval_SaveThread.PYTHON27(1E001EE0,?,?,?,01193B8C,?,?,?), ref: 01195193
                                    • sqlite3_bind_parameter_count.SQLITE3(?,?,01193B8C,?,?,?), ref: 011951A1
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,01193B8C,?,?,?), ref: 011951AD
                                    • PySequence_Check.PYTHON27(01193B8C,01193B8C,?,?,?), ref: 011951DD
                                    • PyEval_SaveThread.PYTHON27(01193B8C,?,?,?), ref: 01195206
                                    • sqlite3_bind_parameter_name.SQLITE3(?,?), ref: 01195217
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,?), ref: 0119521F
                                    • PyDict_GetItemString.PYTHON27(01193B8C,00000001), ref: 01195241
                                    • PyMapping_GetItemString.PYTHON27(01193B8C,00000001), ref: 01195257
                                    • PyErr_Clear.PYTHON27 ref: 01195297
                                    • PySequence_Size.PYTHON27(01193B8C,01193B8C,?,?,?), ref: 01195341
                                    • PyErr_Format.PYTHON27(Incorrect number of bindings supplied. The current statement uses %d, and there are %d supplied.,00000000,0FC08501,01193B8C,?,?,?), ref: 0119535C
                                    • PySequence_GetItem.PYTHON27(01193B8C,00000000,01193B8C,?,?,?), ref: 011953B6
                                    • PyErr_Clear.PYTHON27 ref: 011953F6
                                    • PyErr_Occurred.PYTHON27 ref: 01195435
                                    • PyErr_Format.PYTHON27(Error binding parameter %d - probably unsupported type.,?), ref: 0119544D
                                    Strings
                                    • Error binding parameter :%s - probably unsupported type., xrefs: 01195305
                                    • Error binding parameter %d - probably unsupported type., xrefs: 01195442
                                    • You did not supply a value for binding %d., xrefs: 011952ED
                                    • parameters are of unsupported type, xrefs: 01195314
                                    • Incorrect number of bindings supplied. The current statement uses %d, and there are %d supplied., xrefs: 01195351
                                    • Binding %d has no name, but you supplied a dictionary (which has only names)., xrefs: 011952DA
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$Eval_Thread$ItemSequence_$ClearFormatRestoreSaveString$CheckDict_Mapping_OccurredSizesqlite3_bind_parameter_countsqlite3_bind_parameter_name
                                    • String ID: Binding %d has no name, but you supplied a dictionary (which has only names).$Error binding parameter %d - probably unsupported type.$Error binding parameter :%s - probably unsupported type.$Incorrect number of bindings supplied. The current statement uses %d, and there are %d supplied.$You did not supply a value for binding %d.$parameters are of unsupported type
                                    • API String ID: 2738482399-1934832251
                                    • Opcode ID: 86e79e23ea55b99553d93fcd38f34c866a68892b761119e8eb5434435de84bb0
                                    • Instruction ID: 73e273994701f8379212cc4fa4224481479c78e813e8a25e3654dd22c1530c29
                                    • Opcode Fuzzy Hash: 86e79e23ea55b99553d93fcd38f34c866a68892b761119e8eb5434435de84bb0
                                    • Instruction Fuzzy Hash: 5981B036604201EFDFAF9F68E84495DBBB2EF05321B24406BF936A7241E730EA418F55
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?), ref: 02DA93B3
                                    • _memset.LIBCMT ref: 02DA93E6
                                      • Part of subcall function 02D92D0C: sqlite3_free.SQLITE3(?,02D93D6D,?,?,02D93D0E,00000001,?,?,?,02D93BFF,02DDA260), ref: 02D92D35
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02DA98B6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memsetsqlite3_freesqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID: cannot open %s column for writing$cannot open value of type %s$cannot open view: %s$cannot open virtual table: %s$d$integer$no such column: "%s"$no such rowid: %lld$null$real
                                    • API String ID: 2950669836-2792330645
                                    • Opcode ID: 5bc85191b678e22c1209530fb4c7e41e960477c9760ef991e91be2a4bcaa5071
                                    • Instruction ID: 109b56e3001241b10e8b498c07e1b56f87cb650e01f08afa23e617b0d296f52e
                                    • Opcode Fuzzy Hash: 5bc85191b678e22c1209530fb4c7e41e960477c9760ef991e91be2a4bcaa5071
                                    • Instruction Fuzzy Hash: 45F14871904301AFDB11DF28D8A0AAABBE1EF88324F14895DF8599B351D774EC45CFA2
                                    APIs
                                    • sqlite3_bind_null.SQLITE3(?,00000001,00000001,00000000,0119540F,00000001,?), ref: 01194F4B
                                    Strings
                                    • You must not use 8-bit bytestrings unless you use a text_factory that can interpret 8-bit bytestrings (like text_factory = str). It is highly recommended that you instead just switch your application to Unicode strings., xrefs: 01195043
                                    • could not convert BLOB to buffer, xrefs: 01195091
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_bind_null
                                    • String ID: You must not use 8-bit bytestrings unless you use a text_factory that can interpret 8-bit bytestrings (like text_factory = str). It is highly recommended that you instead just switch your application to Unicode strings.$could not convert BLOB to buffer
                                    • API String ID: 3535090801-3913786486
                                    • Opcode ID: 6f15053028e41fdfd6e8c8d020af5b50a62170bc42d0cee16909d7532140a91f
                                    • Instruction ID: 88cbfb85bb80d07b44deb827861850248955a5d0e866938c155f8b86562e200e
                                    • Opcode Fuzzy Hash: 6f15053028e41fdfd6e8c8d020af5b50a62170bc42d0cee16909d7532140a91f
                                    • Instruction Fuzzy Hash: 395101B2514009EFDF6FAF58DC44DA97BA7FF04250F144176F132A2091E73199818B92
                                    APIs
                                    • GetLastError.KERNEL32 ref: 02D95C02
                                      • Part of subcall function 02D95339: GetVersionExA.KERNEL32(?), ref: 02D9535C
                                    • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 02D95C29
                                    • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 02D95C52
                                    • sqlite3_win32_mbcs_to_utf8.SQLITE3(?), ref: 02D95C61
                                    • LocalFree.KERNEL32(?), ref: 02D95C6D
                                    • sqlite3_snprintf.SQLITE3(?,?,OsError 0x%x (%u),00000000,00000000), ref: 02D95C84
                                    • sqlite3_snprintf.SQLITE3(?,?,02DDA2A8,?), ref: 02D95C99
                                      • Part of subcall function 02D953D2: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,7622DF80,?,02D954FD,?), ref: 02D953F0
                                      • Part of subcall function 02D953D2: _malloc.LIBCMT ref: 02D953F7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: FormatMessagesqlite3_snprintf$ByteCharErrorFreeLastLocalMultiVersionWide_mallocsqlite3_win32_mbcs_to_utf8
                                    • String ID: OsError 0x%x (%u)
                                    • API String ID: 1501359607-2664311388
                                    • Opcode ID: 30950ef4dc79eb9aaffaa55111a277e13acd1421f9189db27511e2a234f8abc9
                                    • Instruction ID: d27f661d48fb0ca4be325a42a714b0ea40498839d897b30162b5c4632e5c420a
                                    • Opcode Fuzzy Hash: 30950ef4dc79eb9aaffaa55111a277e13acd1421f9189db27511e2a234f8abc9
                                    • Instruction Fuzzy Hash: D4117931D01118BFDF226FA1EC48DAF7F79EF45B90BA08065F405A6210D7724E50DBA0
                                    APIs
                                    • IsDebuggerPresent.KERNEL32 ref: 03FCABFB
                                    • _crt_debugger_hook.MSVCR90(00000001), ref: 03FCAC08
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 03FCAC10
                                    • UnhandledExceptionFilter.KERNEL32(03FEF7E0), ref: 03FCAC1B
                                    • _crt_debugger_hook.MSVCR90(00000001), ref: 03FCAC2C
                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 03FCAC37
                                    • TerminateProcess.KERNEL32(00000000), ref: 03FCAC3E
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
                                    • String ID:
                                    • API String ID: 3369434319-0
                                    APIs
                                    • PyString_AsString.PYTHON27(?,1E001EE0,?,?,?,?,01193BBD), ref: 01195465
                                    • PyEval_SaveThread.PYTHON27(?,?,?,01193BBD), ref: 0119546D
                                    • sqlite3_prepare.SQLITE3(?,00000000,000000FF,01193BBD,?,?,?,?,01193BBD), ref: 01195483
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,00000000,000000FF,01193BBD,?,?,?,?,01193BBD), ref: 0119548B
                                    • sqlite3_bind_parameter_count.SQLITE3(?), ref: 0119549B
                                    • sqlite3_transfer_bindings.SQLITE3(?,?), ref: 011954AB
                                    • sqlite3_finalize.SQLITE3(?), ref: 011954B5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    Similarity
                                    • API ID: Eval_Thread$RestoreSaveStringString_sqlite3_bind_parameter_countsqlite3_finalizesqlite3_preparesqlite3_transfer_bindings
                                    • String ID:
                                    • API String ID: 489258157-0
                                    APIs
                                    • sqlite3_bind_null.SQLITE3(?,?), ref: 02DA4142
                                      • Part of subcall function 02DA40B9: sqlite3_mutex_leave.SQLITE3(?), ref: 02DA40D5
                                    • sqlite3_bind_zeroblob.SQLITE3(?,?,?), ref: 02DA415E
                                    • sqlite3_bind_double.SQLITE3(?,?,?,?), ref: 02DA41A8
                                    • sqlite3_bind_int64.SQLITE3(?,?,?,?), ref: 02DA41BA
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_bind_doublesqlite3_bind_int64sqlite3_bind_nullsqlite3_bind_zeroblobsqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 398744298-0
                                    APIs
                                    • IsDebuggerPresent.KERNEL32 ref: 02DCFCD4
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02DCFCE9
                                    • UnhandledExceptionFilter.KERNEL32(02DD59D0), ref: 02DCFCF4
                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 02DCFD10
                                    • TerminateProcess.KERNEL32(00000000), ref: 02DCFD17
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                    • String ID:
                                    • API String ID: 2579439406-0
                                    APIs
                                    • memset.MSVCR90 ref: 03FA9F67
                                    • memcpy.MSVCR90(00000000,?,?,?,00000000,?,?,00000000,-00000007), ref: 03FA9F7A
                                    • memcpy.MSVCR90(?,00000015,?), ref: 03FAA0D0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: memcpy$memset
                                    • String ID: .\crypto\rsa\rsa_oaep.c
                                    • API String ID: 438689982-3887057465
                                    APIs
                                    • GetSystemTime.KERNEL32(?), ref: 02D9611B
                                    • GetCurrentProcessId.KERNEL32 ref: 02D96139
                                    • GetTickCount.KERNEL32 ref: 02D9614E
                                    • QueryPerformanceCounter.KERNEL32(?), ref: 02D96165
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: CountCounterCurrentPerformanceProcessQuerySystemTickTime
                                    • String ID:
                                    • API String ID: 4122616988-0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: Genu$ineI$ntel
                                    • API String ID: 0-3389352399
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?), ref: 02DA3517
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02DA3564
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 1477753154-0
                                    APIs
                                      • Part of subcall function 02DA3E97: sqlite3_mutex_enter.SQLITE3(?,?,?,02DA3F68,?,?,?,?,02DA3FF7,?,?,?,00000000), ref: 02DA3EA8
                                    • sqlite3_mutex_leave.SQLITE3(?,?,?), ref: 02DA403A
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 1477753154-0
                                    APIs
                                      • Part of subcall function 02DA3E97: sqlite3_mutex_enter.SQLITE3(?,?,?,02DA3F68,?,?,?,?,02DA3FF7,?,?,?,00000000), ref: 02DA3EA8
                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,02DA4064,?,?,?), ref: 02DA40A6
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 1477753154-0
                                    APIs
                                      • Part of subcall function 02DA3E97: sqlite3_mutex_enter.SQLITE3(?,?,?,02DA3F68,?,?,?,?,02DA3FF7,?,?,?,00000000), ref: 02DA3EA8
                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,02DA4163,?,?,?), ref: 02DA41FA
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 1477753154-0
                                    APIs
                                      • Part of subcall function 02DA3E97: sqlite3_mutex_enter.SQLITE3(?,?,?,02DA3F68,?,?,?,?,02DA3FF7,?,?,?,00000000), ref: 02DA3EA8
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02DA40D5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 1477753154-0
                                    APIs
                                    • sqlite3_bind_int64.SQLITE3(?,?,?), ref: 02DA405F
                                      • Part of subcall function 02DA406B: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,02DA4064,?,?,?), ref: 02DA40A6
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_bind_int64sqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 3064317574-0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 1477753154-0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 2496040974-0
                                    • Opcode ID: 553a5512d61f9d04fc0bc48c1506f99c81b705894a908b0279676cbac7f19b4b
                                    • Instruction ID: 85ae3d16af486f6065b2e91587ace8718cc862f1d0affcd5cd899721d8107e82
                                    • Opcode Fuzzy Hash: 553a5512d61f9d04fc0bc48c1506f99c81b705894a908b0279676cbac7f19b4b
                                    • Instruction Fuzzy Hash: 54D0C93211420DABDF019E88DC81DCA7B6AFB08710F404040FA1C06291D272E9709BA1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 2496040974-0
                                    • Opcode ID: 83040fb621a248ebdfdd3bc8edc176afde5249bed6998fecdf32660d17843e4b
                                    • Instruction ID: 386b8455fd922e22dfb6d177455f4e20ba81e718c8d822f212f5ba2cc3e01a6a
                                    • Opcode Fuzzy Hash: 83040fb621a248ebdfdd3bc8edc176afde5249bed6998fecdf32660d17843e4b
                                    • Instruction Fuzzy Hash: 77D0C93211420DABDF019E88DC82D8A7B6AFB08710F404040FA1C06291D272E9709BA1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 2496040974-0
                                    • Opcode ID: f572e0c7145a6bff122cdab4091dc3b27a56e446945078a2a622a932a742a68c
                                    • Instruction ID: 8ed9036d5e7ebf2256a6244686645890bbd07d76117d40d4ad5de6e750752585
                                    • Opcode Fuzzy Hash: f572e0c7145a6bff122cdab4091dc3b27a56e446945078a2a622a932a742a68c
                                    • Instruction Fuzzy Hash: D1D0C93211420DABDF019E88DC81E8A7B6AFB08610F404040FA1C06291D272E9709BA5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 30b8799b5b76626f70b44a99a09fe7e356b5869e53ef6ca5d65a512eefd1c552
                                    • Instruction ID: 5585e4dc24c9e175d6bdc84936c25952694e89b79306a46e5d585104750b7f0c
                                    • Opcode Fuzzy Hash: 30b8799b5b76626f70b44a99a09fe7e356b5869e53ef6ca5d65a512eefd1c552
                                    • Instruction Fuzzy Hash: C5B092B21083016A8688F7A4E860C4B6BDADA84350F20890DB04A822A2CF31EC818E25
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 076f4f907659515025c1e90eb6fbfd80b6b96be2c25559d84bde888d366d21ec
                                    • Instruction ID: 9fc94d213ee68d4e6011d7a4045702dd50a219e8d46764a357813e513630e27e
                                    • Opcode Fuzzy Hash: 076f4f907659515025c1e90eb6fbfd80b6b96be2c25559d84bde888d366d21ec
                                    • Instruction Fuzzy Hash: E0B01220304500458F20CE258540A3733D86B80F05B0844D47448C6040EB34CC40E100
                                    APIs
                                    • Py_InitModule4.PYTHON27(_sqlite3,0119A5B8,00000000,00000000,000003F5), ref: 01194733
                                      • Part of subcall function 01194E69: PyType_Ready.PYTHON27(0119A100,0119474B), ref: 01194E82
                                      • Part of subcall function 011942CB: PyType_Ready.PYTHON27(0119A8A8,01194758), ref: 011942DA
                                      • Part of subcall function 01192EE3: PyType_Ready.PYTHON27(0119AC70,01194765), ref: 01192EF2
                                    • PyType_Ready.PYTHON27(0119AD68), ref: 01194789
                                    • PyType_Ready.PYTHON27(0119AE30), ref: 0119479A
                                      • Part of subcall function 01195628: PyType_Ready.PYTHON27(0119A010,011947AA), ref: 01195637
                                      • Part of subcall function 01194AF7: PyType_Ready.PYTHON27(0119A1E8,011947B7), ref: 01194B10
                                    • PyModule_AddObject.PYTHON27(00000000,Connection,0119AC70), ref: 011947D6
                                    • PyModule_AddObject.PYTHON27(00000000,Cursor,0119A8A8), ref: 011947E9
                                    • PyModule_AddObject.PYTHON27(00000000,Statement,0119A010), ref: 011947FC
                                    • PyModule_AddObject.PYTHON27(00000000,Cache,0119AE30), ref: 0119480B
                                    • PyModule_AddObject.PYTHON27(00000000,PrepareProtocol,0119A1E8), ref: 0119481E
                                    • PyModule_AddObject.PYTHON27(00000000,Row,0119A100), ref: 01194831
                                    • PyModule_GetDict.PYTHON27(00000000), ref: 01194837
                                    • PyErr_NewException.PYTHON27(sqlite3.Error,1E1F10E4,00000000), ref: 0119485B
                                    • PyDict_SetItemString.PYTHON27(00000000,Error,00000000), ref: 0119487A
                                    • PyErr_NewException.PYTHON27(sqlite3.Warning,1E1F10E4,00000000), ref: 01194889
                                    • PyDict_SetItemString.PYTHON27(00000000,Warning,00000000), ref: 011948A2
                                    • PyErr_NewException.PYTHON27(sqlite3.InterfaceError,00000000), ref: 011948B0
                                    • PyDict_SetItemString.PYTHON27(00000000,InterfaceError,00000000), ref: 011948C9
                                    • PyErr_NewException.PYTHON27(sqlite3.DatabaseError,00000000), ref: 011948D7
                                    • PyDict_SetItemString.PYTHON27(00000000,DatabaseError,00000000), ref: 011948F0
                                    • PyErr_NewException.PYTHON27(sqlite3.InternalError,00000000), ref: 011948FE
                                    • PyDict_SetItemString.PYTHON27(00000000,InternalError,00000000), ref: 01194917
                                    • PyErr_NewException.PYTHON27(sqlite3.OperationalError,00000000), ref: 01194925
                                    • PyDict_SetItemString.PYTHON27(00000000,OperationalError,00000000), ref: 0119493E
                                    • PyErr_NewException.PYTHON27(sqlite3.ProgrammingError,00000000), ref: 0119494C
                                    • PyDict_SetItemString.PYTHON27(00000000,ProgrammingError,00000000), ref: 01194965
                                    • PyErr_NewException.PYTHON27(sqlite3.IntegrityError,00000000), ref: 01194973
                                    • PyDict_SetItemString.PYTHON27(00000000,IntegrityError,00000000), ref: 0119498C
                                    • PyErr_NewException.PYTHON27(sqlite3.DataError,00000000), ref: 0119499A
                                    • PyDict_SetItemString.PYTHON27(00000000,DataError,00000000), ref: 011949B3
                                    • PyErr_NewException.PYTHON27(sqlite3.NotSupportedError,00000000), ref: 011949C1
                                    • PyDict_SetItemString.PYTHON27(00000000,NotSupportedError,00000000), ref: 011949DA
                                    • PyDict_SetItemString.PYTHON27(00000000,OptimizedUnicode,1E1FBE18), ref: 011949F4
                                    • PyInt_FromLong.PYTHON27(00000001), ref: 01194A0B
                                    • PyDict_SetItemString.PYTHON27(00000000,011984A4,00000000), ref: 01194A24
                                    • PyString_FromString.PYTHON27(2.6.0), ref: 01194A50
                                    • PyDict_SetItemString.PYTHON27(00000000,version,00000000), ref: 01194A64
                                    • sqlite3_libversion.SQLITE3 ref: 01194A75
                                    • PyString_FromString.PYTHON27(00000000), ref: 01194A7B
                                    • PyDict_SetItemString.PYTHON27(00000000,sqlite_version,00000000), ref: 01194A8F
                                    • PyEval_InitThreads.PYTHON27 ref: 01194ABA
                                    • PyErr_Occurred.PYTHON27 ref: 01194AC0
                                    • PyErr_SetString.PYTHON27(1E1F18D4,sqlite3: init failed), ref: 01194AD6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: String$Dict_Item$Err_$Exception$Module_ReadyType_$Object$From$InitString_$DictEval_Int_LongModule4OccurredThreadssqlite3_libversion
                                    • String ID: 2.6.0$Cache$Connection$Cursor$DataError$DatabaseError$Error$IntegrityError$InterfaceError$InternalError$NotSupportedError$OperationalError$OptimizedUnicode$PrepareProtocol$ProgrammingError$Row$Statement$Warning$_sqlite3$sqlite3.DataError$sqlite3.DatabaseError$sqlite3.Error$sqlite3.IntegrityError$sqlite3.InterfaceError$sqlite3.InternalError$sqlite3.NotSupportedError$sqlite3.OperationalError$sqlite3.ProgrammingError$sqlite3.Warning$sqlite3: init failed$sqlite_version$version
                                    • API String ID: 83189623-4085081211
                                    • Opcode ID: 043314aa540111eddc58d18a359f9040bc40d802557d5a8d16a8c5b9d491819c
                                    • Instruction ID: 1e19bd6841930b84bf4e1ec7567b24f5df1c72766dc3ee90b6bb16bda857e084
                                    • Opcode Fuzzy Hash: 043314aa540111eddc58d18a359f9040bc40d802557d5a8d16a8c5b9d491819c
                                    • Instruction Fuzzy Hash: AF91D371644218BFCB2C6FBABC81D2F3F68EF46609305046EF53297505DB75A0928FA9
                                    APIs
                                    • Py_InitModule4.PYTHON27(_ssl,04008CF0,Implementation module for SSL socket operations. See the socket modulefor documentation.,00000000,000003F5), ref: 03F61020
                                    • PyModule_GetDict.PYTHON27(00000000), ref: 03F61036
                                    • PyCapsule_Import.PYTHON27(_socket.CAPI,00000001), ref: 03F61045
                                    • malloc.MSVCR90 ref: 03F61091
                                    • memset.MSVCR90 ref: 03F610AB
                                    • PyThread_allocate_lock.PYTHON27 ref: 03F610C0
                                    • PyErr_NewException.PYTHON27(ssl.SSLError,036A9748,00000000), ref: 03F61106
                                    • PyDict_SetItemString.PYTHON27(00000000,SSLError,00000000), ref: 03F61129
                                    • PyDict_SetItemString.PYTHON27(00000000,SSLType,040089D8), ref: 03F61141
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SSL_ERROR_ZERO_RETURN,00000006), ref: 03F6115C
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SSL_ERROR_WANT_READ,00000002), ref: 03F61166
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SSL_ERROR_WANT_WRITE,00000003), ref: 03F61170
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SSL_ERROR_WANT_X509_LOOKUP,00000004), ref: 03F6117A
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SSL_ERROR_SYSCALL,00000005), ref: 03F61184
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SSL_ERROR_SSL,00000001), ref: 03F6118E
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SSL_ERROR_WANT_CONNECT,00000007), ref: 03F6119B
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SSL_ERROR_EOF,00000008), ref: 03F611A5
                                    • PyModule_AddIntConstant.PYTHON27(00000000,SSL_ERROR_INVALID_ERROR_CODE,00000009), ref: 03F611AF
                                    • PyModule_AddIntConstant.PYTHON27(00000000,CERT_NONE,00000000), ref: 03F611B9
                                    • PyModule_AddIntConstant.PYTHON27(00000000,CERT_OPTIONAL,00000001), ref: 03F611C3
                                    • PyModule_AddIntConstant.PYTHON27(00000000,CERT_REQUIRED,00000002), ref: 03F611CD
                                    • PyModule_AddIntConstant.PYTHON27(00000000,PROTOCOL_SSLv2,00000000), ref: 03F611DA
                                    • PyModule_AddIntConstant.PYTHON27(00000000,PROTOCOL_SSLv3,00000001), ref: 03F611E4
                                    • PyModule_AddIntConstant.PYTHON27(00000000,PROTOCOL_SSLv23,00000002), ref: 03F611EE
                                    • PyModule_AddIntConstant.PYTHON27(00000000,PROTOCOL_TLSv1,00000003), ref: 03F611F8
                                    • PyLong_FromUnsignedLong.PYTHON27(00000000), ref: 03F61202
                                    • PyModule_AddObject.PYTHON27(00000000,OPENSSL_VERSION_NUMBER,00000000), ref: 03F6121C
                                    • Py_BuildValue.PYTHON27(IIIII,00000000,00000000,?,?,00000000), ref: 03F6124F
                                    • PyModule_AddObject.PYTHON27(00000000,OPENSSL_VERSION_INFO,00000000), ref: 03F61263
                                    • PyString_FromString.PYTHON27(00000000,00000000), ref: 03F61273
                                    • PyModule_AddObject.PYTHON27(00000000,OPENSSL_VERSION,00000000), ref: 03F61287
                                    • PyThread_free_lock.PYTHON27(00000000), ref: 03FD0F58
                                    • free.MSVCR90 ref: 03FD0F6D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Module_$Constant$ObjectString$Dict_FromItem$BuildCapsule_DictErr_ExceptionImportInitLongLong_Module4String_Thread_allocate_lockThread_free_lockUnsignedValuefreemallocmemset
                                    • String ID: CERT_NONE$CERT_OPTIONAL$CERT_REQUIRED$IIIII$Implementation module for SSL socket operations. See the socket modulefor documentation.$OPENSSL_VERSION$OPENSSL_VERSION_INFO$OPENSSL_VERSION_NUMBER$PROTOCOL_SSLv2$PROTOCOL_SSLv23$PROTOCOL_SSLv3$PROTOCOL_TLSv1$SSLError$SSLType$SSL_ERROR_EOF$SSL_ERROR_INVALID_ERROR_CODE$SSL_ERROR_SSL$SSL_ERROR_SYSCALL$SSL_ERROR_WANT_CONNECT$SSL_ERROR_WANT_READ$SSL_ERROR_WANT_WRITE$SSL_ERROR_WANT_X509_LOOKUP$SSL_ERROR_ZERO_RETURN$_socket.CAPI$_ssl$ssl.SSLError
                                    • API String ID: 15496925-2027608729
                                    • Opcode ID: eda9ec6ad40219bbcbc07817db0ab24afd867631b2c2ebbf001c539322bebee7
                                    • Instruction ID: 11821b6797bdbca162a000dd48d2027cca018d097437dc50fdee6313bea749ac
                                    • Opcode Fuzzy Hash: eda9ec6ad40219bbcbc07817db0ab24afd867631b2c2ebbf001c539322bebee7
                                    • Instruction Fuzzy Hash: F1511A74E8031A7FE260F7755C4AF5B7A1CDF40B85F040122FF09B6197DA69F4188AA5
                                    APIs
                                    • PyErr_SetString.PYTHON27(Cursor needed to be reset because of commit/rollback and can no longer be fetched from.), ref: 011933EB
                                    • PyEval_SaveThread.PYTHON27 ref: 011933FA
                                    • sqlite3_data_count.SQLITE3(?), ref: 01193408
                                    • PyEval_RestoreThread.PYTHON27(00000000,?), ref: 01193412
                                    • PyTuple_New.PYTHON27(?), ref: 0119341C
                                    • PyList_GetItem.PYTHON27(00000000,?), ref: 0119344B
                                    • sqlite3_column_bytes.SQLITE3(?,?), ref: 01193471
                                    • sqlite3_column_blob.SQLITE3(?,?,?,?), ref: 01193484
                                    • PyString_FromStringAndSize.PYTHON27(00000000,?), ref: 01193495
                                    • PyObject_CallFunction.PYTHON27(1E1F18CC,011973F4,00000000), ref: 011934AE
                                    • PyTuple_SetItem.PYTHON27(?,?), ref: 0119369E
                                    • PyErr_Occurred.PYTHON27 ref: 011936B9
                                    Strings
                                    • <unknown column name>, xrefs: 011935FD, 01193603
                                    • Cursor needed to be reset because of commit/rollback and can no longer be fetched from., xrefs: 011933E0
                                    • Could not decode to UTF-8 column '%s' with text '%s', xrefs: 01193604
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_Eval_ItemStringThreadTuple_$CallFromFunctionList_Object_OccurredRestoreSaveSizeString_sqlite3_column_blobsqlite3_column_bytessqlite3_data_count
                                    • String ID: <unknown column name>$Could not decode to UTF-8 column '%s' with text '%s'$Cursor needed to be reset because of commit/rollback and can no longer be fetched from.
                                    • API String ID: 634202114-1197808500
                                    • Opcode ID: 4d6db8baf58ed5c86fa943531baf513f7781539b278c6a9820a1af64576f04cc
                                    • Instruction ID: 1baa58bca6084707c0ddada8433fd6e376d12550ec305bc16d4c9bdae4bc9438
                                    • Opcode Fuzzy Hash: 4d6db8baf58ed5c86fa943531baf513f7781539b278c6a9820a1af64576f04cc
                                    • Instruction Fuzzy Hash: 3C91C075128201DFDF2D9F78E84892ABBE6FF88224F154539F97583251EB31D9408F52
                                    APIs
                                    • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,O|diOiOi,0119A96C,?,?,?,?,?,?,?), ref: 01191414
                                    • PyObject_GetAttrString.PYTHON27(?,__class__), ref: 01191482
                                    • PyObject_Str.PYTHON27(00000000), ref: 01191494
                                    • PyString_AsString.PYTHON27(00000000), ref: 011914A8
                                    • PyErr_SetString.PYTHON27(1E1F35DC,database parameter must be string or APSW Connection object), ref: 01191503
                                    • PyUnicodeUCS2_AsUTF8String.PYTHON27(?), ref: 0119151C
                                    • PyEval_SaveThread.PYTHON27 ref: 01191529
                                    • PyString_AsString.PYTHON27(00000000,?), ref: 0119153A
                                    • sqlite3_open.SQLITE3(00000000), ref: 01191542
                                    • PyEval_RestoreThread.PYTHON27(?,00000000), ref: 0119154D
                                    • PyString_FromString.PYTHON27(011979D8), ref: 01191580
                                    • PyObject_CallFunction.PYTHON27(0119AE30,011979DC,?,?), ref: 011915C5
                                    • PyErr_Occurred.PYTHON27 ref: 011915D1
                                    • PyList_New.PYTHON27(00000000), ref: 011915EC
                                    • PyList_New.PYTHON27(00000000), ref: 011915F2
                                    • sqlite3_busy_timeout.SQLITE3(?,00000000), ref: 0119163D
                                    • PyThread_get_thread_ident.PYTHON27 ref: 01191644
                                    • PyDict_New.PYTHON27 ref: 01191659
                                    • PyDict_New.PYTHON27 ref: 01191666
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: String$Object_String_$Dict_Err_Eval_List_Thread$Arg_AttrCallFromFunctionKeywordsOccurredParseRestoreSaveThread_get_thread_identTupleUnicodesqlite3_busy_timeoutsqlite3_open
                                    • String ID: <type 'apsw.Connection'>$O|diOiOi$__class__$d$database parameter must be string or APSW Connection object
                                    • API String ID: 1772384132-3128269693
                                    • Opcode ID: a414db1ea0390bf69cfe4266bcde83f5ee428619ce52b083bda9c7345e9763df
                                    • Instruction ID: 3af51b58bc11af66ecca0e418bf9b30c3b523daa791a557484dc405e02b53e5c
                                    • Opcode Fuzzy Hash: a414db1ea0390bf69cfe4266bcde83f5ee428619ce52b083bda9c7345e9763df
                                    • Instruction Fuzzy Hash: 64A15CB5900215EFDF19DF68D88499DBBB8FF0D720B1540AAE926DB256D730D980CF90
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,OO|iiii:getaddrinfo,?,?,?,?,?,?), ref: 01184CB2
                                    • PyInt_AsLong.PYTHON27(?), ref: 01184D40
                                    • PyOS_snprintf.PYTHON27(?,0000001E,%ld,00000000), ref: 01184D53
                                    • PyEval_SaveThread.PYTHON27 ref: 01184DB4
                                    • PyThread_acquire_lock.PYTHON27(03697740,00000001), ref: 01184DC5
                                    • PyEval_RestoreThread.PYTHON27(00000000,00000000,00000000,?,?), ref: 01184DE2
                                    • PyThread_release_lock.PYTHON27(03697740), ref: 01184DEF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Arg_Int_LongParseRestoreS_snprintfSaveThread_acquire_lockThread_release_lockTuple
                                    • String ID: %ld$Int or String expected$OO|iiii:getaddrinfo$encode$getaddrinfo() argument 1 must be string or None$idna$iiisO
                                    • API String ID: 1559199678-3613348059
                                    • Opcode ID: 624a2d1ba214ffac68ea08ade962add631934b497811f014dc126662cbcd1577
                                    • Instruction ID: 729d0b6f34f0f2ec2c44de382c94314a5c875ed493bf88a473ab8ef6365ba735
                                    • Opcode Fuzzy Hash: 624a2d1ba214ffac68ea08ade962add631934b497811f014dc126662cbcd1577
                                    • Instruction Fuzzy Hash: 3691F3716043019FD728EF68D884B6BB7E8BB88614F04CA2CF95987642DB35E945CF92
                                    APIs
                                    • sqlite3_value_text.SQLITE3(?), ref: 02D91F69
                                      • Part of subcall function 02D91D12: _memset.LIBCMT ref: 02D91D1F
                                      • Part of subcall function 02D91D12: sqlite3_value_text.SQLITE3(?), ref: 02D91D9A
                                    • sqlite3_result_error_toobig.SQLITE3(?), ref: 02D9204C
                                    • sqlite3_result_error_nomem.SQLITE3(?), ref: 02D9206F
                                    • sqlite3_snprintf.SQLITE3(00000005,00000002,%04d,?), ref: 02D92103
                                    • sqlite3_snprintf.SQLITE3(00000003,-0000004B,%02d,?), ref: 02D9212B
                                    • sqlite3_snprintf.SQLITE3(00000003,00000000,%02d,?), ref: 02D9216E
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02D921BE
                                    • __allrem.LIBCMT ref: 02D921C8
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02D921EA
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02D92259
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02D9227E
                                    • __allrem.LIBCMT ref: 02D92288
                                    • sqlite3_snprintf.SQLITE3(00000003,?,%02d,?,00000000,?,00000007,00000000,?,?,05265C00,00000000,?,?,05265C00,00000000), ref: 02D922AD
                                    • sqlite3_snprintf.SQLITE3(00000004,?,%03d,00000001,?,?,05265C00,00000000), ref: 02D922C9
                                    • sqlite3_snprintf.SQLITE3(00000007,?,%06.3f), ref: 02D92305
                                    • sqlite3_result_text.SQLITE3(?,?,000000FF,Function_00002D0C), ref: 02D92344
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_snprintf$Unothrow_t@std@@@__ehfuncinfo$??2@$__allremsqlite3_value_text$_memsetsqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_text
                                    • String ID: %.16g$%02d$%03d$%04d$%06.3f$%lld
                                    • API String ID: 1995948532-866662573
                                    • Opcode ID: 0fb1385e0f8aff3ee34f32eda70eaa44ae5101b6d35c9ecb38cc28db5a9a492a
                                    • Instruction ID: a26242cf233e4085f07112f7d904cd555f8785c1731f254eb731a17d58ea26be
                                    • Opcode Fuzzy Hash: 0fb1385e0f8aff3ee34f32eda70eaa44ae5101b6d35c9ecb38cc28db5a9a492a
                                    • Instruction Fuzzy Hash: 68B16872908302BBEF249E68CC4CB2B7BA9EB41348F144A59FDD996391D731DD01CB62
                                    APIs
                                    • _PyObject_New.PYTHON27(040089D8), ref: 03FD1EE0
                                    • memset.MSVCR90 ref: 03FD1EFB
                                    • memset.MSVCR90 ref: 03FD1F0D
                                    • PyErr_SetString.PYTHON27(036AAE28,_ssl.c:331: No root certificates specified for verification of other-side certificates.), ref: 03FD1F52
                                    • PyEval_SaveThread.PYTHON27 ref: 03FD1F88
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 03FD1FD3
                                    • PyEval_SaveThread.PYTHON27 ref: 03FD2030
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 03FD2053
                                    • PyEval_SaveThread.PYTHON27 ref: 03FD2084
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 03FD20A7
                                    • PyEval_SaveThread.PYTHON27 ref: 03FD20CF
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 03FD20F4
                                    • PyEval_SaveThread.PYTHON27 ref: 03FD2162
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 03FD2183
                                    • PyEval_SaveThread.PYTHON27 ref: 03FD21FB
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 03FD222B
                                    Strings
                                    • _ssl.c:316: Invalid SSL protocol variant specified., xrefs: 03FD1FE3
                                    • _ssl.c:331: No root certificates specified for verification of other-side certificates., xrefs: 03FD1F4B, 03FD201C
                                    • _ssl.c:298: Both the key & certificate files must be specified for server-side operation, xrefs: 03FD1F46
                                    • _ssl.c:323: No cipher can be selected., xrefs: 03FD2003
                                    • _ssl.c:291: Both the key & certificate files must be specified, xrefs: 03FD1F79
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$RestoreSave$memset$Err_Object_String
                                    • String ID: _ssl.c:291: Both the key & certificate files must be specified$_ssl.c:298: Both the key & certificate files must be specified for server-side operation$_ssl.c:316: Invalid SSL protocol variant specified.$_ssl.c:323: No cipher can be selected.$_ssl.c:331: No root certificates specified for verification of other-side certificates.
                                    • API String ID: 2816859145-1156894968
                                    • Opcode ID: ed71944eb6358b7c2123e994dbb73313ef4908ee6d3d91c0cfc709c9f3198d3c
                                    • Instruction ID: da3066ba4ba255e4533ff9cb3eb28dfb11fd51aa41602e7c551476695c255e2b
                                    • Opcode Fuzzy Hash: ed71944eb6358b7c2123e994dbb73313ef4908ee6d3d91c0cfc709c9f3198d3c
                                    • Instruction Fuzzy Hash: F19119B9D40301ABD730EF75AC8CB2B73BAEB80701F0C492AE6569B241DB35E441C792
                                    APIs
                                    • PyErr_SetString.PYTHON27(036A9748,getsockaddrarg: bad family,?,?,?,?,?,?,?), ref: 01184975
                                    • PyErr_Format.PYTHON27(?,getsockaddrarg: AF_INET6 address must be tuple, not %.500s,?,?,?,?,?,?,?,?), ref: 011849B0
                                    • PyErr_Format.PYTHON27(?,getsockaddrarg: AF_INET address must be tuple, not %.500s,?,?,?,?,?,?,?,?), ref: 01184AC8
                                    Strings
                                    • getsockaddrarg: bad family, xrefs: 0118496F
                                    • getsockaddrarg: port must be 0-65535., xrefs: 01184A92, 01184B5A
                                    • getsockaddrarg: flowinfo must be 0-1048575., xrefs: 01184A72
                                    • idna, xrefs: 011849D7, 01184AE5
                                    • getsockaddrarg: AF_INET address must be tuple, not %.500s, xrefs: 01184AC2
                                    • eti:getsockaddrarg, xrefs: 01184AEA
                                    • getsockaddrarg: AF_INET6 address must be tuple, not %.500s, xrefs: 011849AA
                                    • eti|II, xrefs: 011849DC
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$Format$String
                                    • String ID: eti:getsockaddrarg$eti|II$getsockaddrarg: AF_INET address must be tuple, not %.500s$getsockaddrarg: AF_INET6 address must be tuple, not %.500s$getsockaddrarg: bad family$getsockaddrarg: flowinfo must be 0-1048575.$getsockaddrarg: port must be 0-65535.$idna
                                    • API String ID: 1780620971-1974031146
                                    • Opcode ID: 44dc8aa927d6ce30cad6abdb9bb74fca8e89c4a09a208707d09886c86e8baf21
                                    • Instruction ID: 287b95c2116e6d7fc66503dfcf2452c1eff7a0877d44467ff72c66e7d1e4e072
                                    • Opcode Fuzzy Hash: 44dc8aa927d6ce30cad6abdb9bb74fca8e89c4a09a208707d09886c86e8baf21
                                    • Instruction Fuzzy Hash: B551B1312002019FD328EF68E885B6BB7E4EFC8615F54C539F949C7206E736D548CB66
                                    APIs
                                    • PyEval_SaveThread.PYTHON27 ref: 011843AA
                                    • PyEval_RestoreThread.PYTHON27(00000000,00000000,01186544,?,?), ref: 011843DC
                                    • PyThread_release_lock.PYTHON27(03697740,?,?,?,?,?,?,?,?,?,?,?,?,0118492B,?,?), ref: 011843E8
                                    • PyErr_SetString.PYTHON27(036A9748,unsupported address family,?), ref: 0118442C
                                      • Part of subcall function 01182D6F: Py_BuildValue.PYTHON27((is),00000000,getaddrinfo failed,?,011843FB,00000000), ref: 01182D7F
                                      • Part of subcall function 01182D6F: PyErr_SetObject.PYTHON27(036AB5C8,00000000), ref: 01182D96
                                    • PyThread_acquire_lock.PYTHON27(03697740,00000001), ref: 011843BA
                                      • Part of subcall function 01184099: getaddrinfo.WS2_32(?,?,00000000,?,?,011845F0,?,00000000,?,?), ref: 011840C2
                                      • Part of subcall function 01184099: WSASetLastError.WS2_32(00000000), ref: 011840C7
                                    • PyErr_SetString.PYTHON27(036A9748,address family mismatched), ref: 01184464
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$Eval_StringThread$BuildErrorLastObjectRestoreSaveThread_acquire_lockThread_release_lockValuegetaddrinfo
                                    • String ID: %d.%d.%d.%d%c$<broadcast>$address family mismatched$unknown address family$unsupported address family$wildcard resolved to multiple address
                                    • API String ID: 2833498599-676636350
                                    • Opcode ID: 207da6bd5ad2d67422e5d40ba460253ae655ad69a6e8405da53ba47c2c677f7c
                                    • Instruction ID: 2750c0e8ec033e0c3b03e2f5a177be72f3d2afeec253ffd925517aa907e4436f
                                    • Opcode Fuzzy Hash: 207da6bd5ad2d67422e5d40ba460253ae655ad69a6e8405da53ba47c2c677f7c
                                    • Instruction Fuzzy Hash: C491A2715043019FD328EF6CD88476EBBE4EB89221F44892EF999C3A41DB36D549CF62
                                    APIs
                                    • _memset.LIBCMT ref: 02D91843
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02D9187D
                                    • _strncmp.LIBCMT ref: 02D91B03
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02D91B92
                                    • __allrem.LIBCMT ref: 02D91B9D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem_memset_strncmp
                                    • String ID: -$day$hour$localtime$minute$month$second$start of $unixepoch$utc$weekday $year
                                    • API String ID: 380913612-3507268942
                                    • Opcode ID: 2b0ddc0a0242b5122b8ea813a570f9989b3b58d0438eeec368fc9a2413f6847c
                                    • Instruction ID: 0343da74c0dca2f36e16b0ad0de77ee20e939237f605999f60cc55bae23bf394
                                    • Opcode Fuzzy Hash: 2b0ddc0a0242b5122b8ea813a570f9989b3b58d0438eeec368fc9a2413f6847c
                                    • Instruction Fuzzy Hash: 63F10472E0825AEBDF10AF64C8843AD7BB5EF05324F294599F848AB386D774CD45CB60
                                    APIs
                                    • PyDict_New.PYTHON27 ref: 03FD2845
                                    • PyDict_SetItemString.PYTHON27(00000000,subject,00000000), ref: 03FD2882
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Dict_$ItemString
                                    • String ID: issuer$notAfter$notBefore$serialNumber$subject$subjectAltName$version
                                    • API String ID: 1169755417-2853083456
                                    • Opcode ID: 4375f98d4ad43763ec31099bd88407fd7cbf395adc37cf60869a2836b2901a3d
                                    • Instruction ID: d8a8c89196c869e125a92904a65b87dd96fe08f2afc8cef0ba1c6530f6ba31f6
                                    • Opcode Fuzzy Hash: 4375f98d4ad43763ec31099bd88407fd7cbf395adc37cf60869a2836b2901a3d
                                    • Instruction Fuzzy Hash: 9A91E676D003027BD210EB20DC49F9BB39AAF41724F1C0624ED559B391EB79E956C6E2
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,Oi:getnameinfo,?,?), ref: 01184112
                                    • PyErr_SetString.PYTHON27(?,getnameinfo() argument 1 must be a tuple), ref: 01184139
                                    • PyArg_ParseTuple.PYTHON27(?,si|II,?,?,?,?), ref: 01184167
                                    • PyOS_snprintf.PYTHON27(?,00000020,01186BE4,?), ref: 01184190
                                    • PyEval_SaveThread.PYTHON27 ref: 011841BC
                                    • PyThread_acquire_lock.PYTHON27(03697740,00000001), ref: 011841CD
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,?,?,?), ref: 011841F2
                                    • PyThread_release_lock.PYTHON27(03697740), ref: 011841FF
                                    • PyErr_SetString.PYTHON27(036A9748,sockaddr resolved to multiple addresses), ref: 01184230
                                    • htonl.WS2_32(?), ref: 01184253
                                    • PyErr_SetString.PYTHON27(?,getsockaddrarg: flowinfo must be 0-1048575.), ref: 011842F8
                                    Strings
                                    • sockaddr resolved to multiple addresses, xrefs: 0118422A
                                    • getnameinfo() argument 1 must be a tuple, xrefs: 01184133
                                    • Oi:getnameinfo, xrefs: 011840F4
                                    • getsockaddrarg: flowinfo must be 0-1048575., xrefs: 011842F2
                                    • IPv4 sockaddr must be 2 tuple, xrefs: 011842A3
                                    • si|II, xrefs: 01184161
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_String$Arg_Eval_ParseThreadTuple$RestoreS_snprintfSaveThread_acquire_lockThread_release_lockhtonl
                                    • String ID: IPv4 sockaddr must be 2 tuple$Oi:getnameinfo$getnameinfo() argument 1 must be a tuple$getsockaddrarg: flowinfo must be 0-1048575.$si|II$sockaddr resolved to multiple addresses
                                    • API String ID: 3908325411-1441974071
                                    • Opcode ID: a57f8cbbdf46741fd24e98306fce0ba6fa0919fc9f0976a0d1468e4455a97ada
                                    • Instruction ID: 7062b807d3f1442372cfac61a404be72bf2cba56ee251ad2ce2caf986fb37735
                                    • Opcode Fuzzy Hash: a57f8cbbdf46741fd24e98306fce0ba6fa0919fc9f0976a0d1468e4455a97ada
                                    • Instruction Fuzzy Hash: 10516DB15083019FD718EFA8E884A6BBBE9BBC8304F44C92DF55587605E735E948CF52
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27 ref: 03FD168D
                                    • PyString_FromStringAndSize.PYTHON27(00000000,?,?,?,?), ref: 03FD16A1
                                    • PyEval_SaveThread.PYTHON27(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 03FD1713
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 03FD1734
                                    • PyErr_SetString.PYTHON27(036AAE28,The read operation timed out), ref: 03FD1763
                                    • PyErr_SetString.PYTHON27(036AAE28,Underlying socket too large for select().), ref: 03FD179F
                                    • PyErr_SetString.PYTHON27(036AAE28,Socket closed without SSL shutdown handshake), ref: 03FD1808
                                    • _PyString_Resize.PYTHON27(?,00000000), ref: 03FD1821
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: String$Err_$Eval_String_Thread$Arg_FromParseResizeRestoreSaveSizeTuple
                                    • String ID: Socket closed without SSL shutdown handshake$The read operation timed out$Underlying socket too large for select().$|i:read
                                    • API String ID: 1701042861-2699860919
                                    • Opcode ID: 1cdf8cdf7b886aa9f7479f11f178661b85d4dc2c7039f2a02ba9fc53b032b476
                                    • Instruction ID: 9993f61e8950bca1b6ee1d35e52dc2d35f56491b7aae8064575f7adb193e5a04
                                    • Opcode Fuzzy Hash: 1cdf8cdf7b886aa9f7479f11f178661b85d4dc2c7039f2a02ba9fc53b032b476
                                    • Instruction Fuzzy Hash: C091D57AE043019FD720EF64EC89A5B73BAFF84715F0C0969E54687210E736E855C7A2
                                    APIs
                                    • PyErr_Occurred.PYTHON27 ref: 01191D17
                                    • PyInt_AsLong.PYTHON27 ref: 01191D40
                                    • PyLong_AsLongLong.PYTHON27 ref: 01191D52
                                    • sqlite3_result_int64.SQLITE3(?,00000000), ref: 01191D5B
                                    • PyType_IsSubtype.PYTHON27(?,1E1F4EA0), ref: 01191D75
                                    • PyObject_AsCharBuffer.PYTHON27(?,?,?), ref: 01191D99
                                    • PyErr_SetString.PYTHON27(1E1F35DC,could not convert BLOB to buffer), ref: 01191DB2
                                    • sqlite3_result_blob.SQLITE3(?,?,?,000000FF), ref: 01191DC7
                                    • PyString_AsString.PYTHON27(?,000000FF,000000FF), ref: 01191DDD
                                    • sqlite3_result_text.SQLITE3(?,00000000,000000FF,000000FF), ref: 01191DE6
                                    • PyUnicodeUCS2_AsUTF8String.PYTHON27 ref: 01191DF8
                                    • PyString_AsString.PYTHON27(00000000,000000FF,000000FF), ref: 01191E0A
                                    • sqlite3_result_text.SQLITE3(?,00000000), ref: 01191E13
                                    • PyFloat_AsDouble.PYTHON27 ref: 01191E29
                                    • sqlite3_result_double.SQLITE3 ref: 01191E34
                                    • sqlite3_result_null.SQLITE3 ref: 01191E3F
                                    Strings
                                    • could not convert BLOB to buffer, xrefs: 01191DAB
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: String$Long$Err_String_sqlite3_result_text$BufferCharDoubleFloat_Int_Long_Object_OccurredSubtypeType_Unicodesqlite3_result_blobsqlite3_result_doublesqlite3_result_int64sqlite3_result_null
                                    • String ID: could not convert BLOB to buffer
                                    • API String ID: 2562564581-1751690545
                                    • Opcode ID: 725c0af0ffec5c684ab53ffe1ef7b4153f8a7d1f5ca50a98c69655be37a8368e
                                    • Instruction ID: 84109cf05a4c8df40e0627507594b75b10db84d9e39ef8af2aed69e2486d1d83
                                    • Opcode Fuzzy Hash: 725c0af0ffec5c684ab53ffe1ef7b4153f8a7d1f5ca50a98c69655be37a8368e
                                    • Instruction Fuzzy Hash: 1C318571514512BFEF2F6B58DC48EBF37ADEF05A30B140225F532921D8DB2499C18B62
                                    APIs
                                    • PyTuple_Size.PYTHON27 ref: 011850E9
                                    • PyErr_Format.PYTHON27(-00000003,sendto() takes 2 or 3 arguments (%d given),00000000), ref: 0118510C
                                    • PyArg_ParseTuple.PYTHON27(?,s*iO:sendto,?,?,?), ref: 0118512C
                                    • PyArg_ParseTuple.PYTHON27(?,s*O:sendto,?,?), ref: 01185147
                                    • PyErr_Occurred.PYTHON27 ref: 01185150
                                    • PyBuffer_Release.PYTHON27(?), ref: 0118518E
                                    • PyEval_SaveThread.PYTHON27 ref: 011851A0
                                    • sendto.WS2_32(?,?,?,?,?,?), ref: 011851D8
                                    • PyEval_RestoreThread.PYTHON27(?), ref: 011851E5
                                    • PyBuffer_Release.PYTHON27(?), ref: 011851F3
                                    • PyErr_SetString.PYTHON27(036A9930,timed out), ref: 0118520C
                                    • PyInt_FromLong.PYTHON27 ref: 0118522F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$Arg_Buffer_Eval_ParseReleaseThreadTuple$FormatFromInt_LongOccurredRestoreSaveSizeStringTuple_sendto
                                    • String ID: s*O:sendto$s*iO:sendto$sendto() takes 2 or 3 arguments (%d given)$timed out
                                    • API String ID: 1547007555-1786399636
                                    • Opcode ID: a571f17d4c7d2f15fc579debea5d4d7f4fe4330a024ca2cfb2804779e8955be8
                                    • Instruction ID: 9ff909b6fd2d65e95ccb4262031c0b7a2729b52fb0d437b125209b56016f5db9
                                    • Opcode Fuzzy Hash: a571f17d4c7d2f15fc579debea5d4d7f4fe4330a024ca2cfb2804779e8955be8
                                    • Instruction Fuzzy Hash: 8141A5726042009FD718EF98E84596FB7E9EFC8615F04862DF95983206E731D558CBA2
                                    APIs
                                    • Py_BuildValue.PYTHON27((OO),?,?,00000005,?,011953E0,00000005,0119A1E8), ref: 01194366
                                    • PyDict_GetItem.PYTHON27(00000000,?,?,?,0119A1E8), ref: 01194381
                                    • PyObject_CallFunctionObjArgs.PYTHON27(00000000,00000005,00000000,0119A1E8), ref: 0119439F
                                    • PyObject_HasAttrString.PYTHON27(?,__adapt__,-00000001,0119A1E8), ref: 011943B8
                                    • PyObject_CallMethod.PYTHON27(?,__adapt__,011973F4,00000005), ref: 011943D6
                                    • PyErr_Occurred.PYTHON27 ref: 011943F7
                                    • PyErr_ExceptionMatches.PYTHON27(1E1F1244), ref: 01194408
                                    • PyObject_HasAttrString.PYTHON27(00000005,__conform__), ref: 0119441A
                                    • PyObject_CallMethod.PYTHON27(00000005,__conform__,011973F4,?), ref: 0119442D
                                    • PyErr_Occurred.PYTHON27 ref: 0119444A
                                    • PyErr_ExceptionMatches.PYTHON27(1E1F1244), ref: 0119445B
                                    • PyErr_SetString.PYTHON27(can't adapt), ref: 01194471
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_Object_$CallString$AttrExceptionMatchesMethodOccurred$ArgsBuildDict_FunctionItemValue
                                    • String ID: (OO)$__adapt__$__conform__$can't adapt
                                    • API String ID: 803471120-1598364106
                                    • Opcode ID: ba97db4ccf32ceebf82c9e2aaa2343a94f2c8c12e856c8a04b4f574757c7b4f5
                                    • Instruction ID: 06b6750036f93789610538f8eaf342197b0d14a0b88589100faab6b9aa885e6d
                                    • Opcode Fuzzy Hash: ba97db4ccf32ceebf82c9e2aaa2343a94f2c8c12e856c8a04b4f574757c7b4f5
                                    • Instruction Fuzzy Hash: B531C036114101EFEF3D9F29EE08D9A3FA9EF0626071444B9F93883491DB21D482CF61
                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                    • PyErr_Occurred.PYTHON27 ref: 01192E4D
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyArg_ParseTuple.PYTHON27(?,O!O:create_collation(name, callback),?,?), ref: 01192D2B
                                    • PyObject_CallMethod.PYTHON27(?,upper,011979D8), ref: 01192D4A
                                    • PyString_AsString.PYTHON27(00000000), ref: 01192D65
                                    • PyCallable_Check.PYTHON27(?), ref: 01192D96
                                    • PyErr_SetString.PYTHON27(invalid character in collation name), ref: 01192DBA
                                    • PyDict_SetItem.PYTHON27(?,00000000,?), ref: 01192DD4
                                    • PyDict_DelItem.PYTHON27(?,00000000), ref: 01192DE3
                                    • PyString_AsString.PYTHON27(00000000,00000001,?,?), ref: 01192E15
                                    • sqlite3_create_collation.SQLITE3(?,00000000), ref: 01192E1C
                                    • PyDict_DelItem.PYTHON27(?,00000000), ref: 01192E2C
                                    Strings
                                    • O!O:create_collation(name, callback), xrefs: 01192D23
                                    • upper, xrefs: 01192D42
                                    • invalid character in collation name, xrefs: 01192DAF
                                    • parameter must be callable, xrefs: 01192DA6
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_String$Dict_Item$String_Thread_get_thread_ident$Arg_CallCallable_CheckFormatMethodObject_OccurredParseTuplesqlite3_create_collation
                                    • String ID: O!O:create_collation(name, callback)$invalid character in collation name$parameter must be callable$upper
                                    • API String ID: 2082148236-2668186001
                                    • Opcode ID: eb2fa7b48b48c13b8e925ce4ce9311d8e842ef5f85a79a327cfc90316a3b2605
                                    • Instruction ID: fc18fc7f6e8d06de3a850927c3071c285fd15a08b33e0042aaa34d556c410220
                                    • Opcode Fuzzy Hash: eb2fa7b48b48c13b8e925ce4ce9311d8e842ef5f85a79a327cfc90316a3b2605
                                    • Instruction Fuzzy Hash: BD41B471610105FFEF2D9B68EC85E6E3BE9EF01614F144465FA32D2195EB70E9408F20
                                    APIs
                                    • PyGILState_Ensure.PYTHON27 ref: 0119206C
                                    • sqlite3_user_data.SQLITE3(?), ref: 01192078
                                    • sqlite3_aggregate_context.SQLITE3(?,00000004,?), ref: 01192084
                                    • PyObject_CallFunction.PYTHON27(00000000,011979D8), ref: 01192098
                                    • PyErr_Occurred.PYTHON27 ref: 011920A2
                                    • PyErr_Print.PYTHON27 ref: 011920B6
                                    • PyErr_Clear.PYTHON27 ref: 011920BE
                                    • PyObject_GetAttrString.PYTHON27(00000000,step), ref: 011920DE
                                    • PyObject_CallObject.PYTHON27(00000000,00000000), ref: 01192101
                                    • PyErr_Print.PYTHON27 ref: 01192123
                                    • PyErr_Clear.PYTHON27 ref: 0119212B
                                    • PyGILState_Release.PYTHON27(?), ref: 0119215F
                                    Strings
                                    • step, xrefs: 011920D7
                                    • user-defined aggregate's 'step' method raised error, xrefs: 01192131
                                    • user-defined aggregate's '__init__' method raised error, xrefs: 011920C4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$Object_$CallClearPrintState_$AttrEnsureFunctionObjectOccurredReleaseStringsqlite3_aggregate_contextsqlite3_user_data
                                    • String ID: step$user-defined aggregate's '__init__' method raised error$user-defined aggregate's 'step' method raised error
                                    • API String ID: 1278464862-2245734254
                                    • Opcode ID: 5257c5f544b08fcc7736b1cac1faeaf385e634a587963e14a901de72a15303c8
                                    • Instruction ID: a78e2f6a5b57f0f171fc550f7ab7d81a3bab58266c3d77bc974a4a5d3a5ddc9e
                                    • Opcode Fuzzy Hash: 5257c5f544b08fcc7736b1cac1faeaf385e634a587963e14a901de72a15303c8
                                    • Instruction Fuzzy Hash: 2531AEB6504202FFDF2D2FA4E8488693BB6EF15631324007EFB31961A5DB319990CF54
                                    APIs
                                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 01183F23
                                    • strcpy_s.MSVCR90 ref: 01183F4D
                                    • strcat_s.MSVCR90 ref: 01183F64
                                    • LoadLibraryA.KERNEL32(?), ref: 01183F74
                                    • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 01183F82
                                    • FreeLibrary.KERNEL32(00000000), ref: 01183F8D
                                    • strcpy_s.MSVCR90 ref: 01183FA5
                                    • strcat_s.MSVCR90 ref: 01183FB6
                                    • LoadLibraryA.KERNEL32(?), ref: 01183FC0
                                    • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 01183FCE
                                    • FreeLibrary.KERNEL32(00000000), ref: 01183FD9
                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0118400D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Library$AddressProc$FreeLoadstrcat_sstrcpy_s$DirectorySystem
                                    • String ID: \ws2_32$\wship6$getaddrinfo
                                    • API String ID: 1002071407-3078833738
                                    • Opcode ID: d609e98405e5c7aa096a91ca6758bbc707e0baf50b712bc1f762011e8720f429
                                    • Instruction ID: 1382d695a0631675b9c9db5cc6a8f1aa949f4934f5fbc720af6a20a52a487f5f
                                    • Opcode Fuzzy Hash: d609e98405e5c7aa096a91ca6758bbc707e0baf50b712bc1f762011e8720f429
                                    • Instruction Fuzzy Hash: 9F31A071104301ABC229FB29EC48A9FBBE8BF84B04F04C929F69496144DB75D146CFA6
                                    APIs
                                    • sqlite3_snprintf.SQLITE3(00000064,?,Page %d: ,?), ref: 02D9F584
                                    • sqlite3_snprintf.SQLITE3(00000064,?,On tree page %d cell %d: ,?,00000000), ref: 02D9F648
                                    • sqlite3_snprintf.SQLITE3(00000064,?,On page %d at right child: ,?), ref: 02D9F7A6
                                    • _memset.LIBCMT ref: 02D9F834
                                    • _memset.LIBCMT ref: 02D9F842
                                    Strings
                                    • Child page depth differs, xrefs: 02D9F757
                                    • Fragmentation of %d bytes reported as %d on page %d, xrefs: 02D9F9A3
                                    • On tree page %d cell %d: , xrefs: 02D9F640
                                    • unable to get the page. error code=%d, xrefs: 02D9F5CE
                                    • On page %d at right child: , xrefs: 02D9F798
                                    • Corruption detected in cell %d on page %d, xrefs: 02D9F8CE
                                    • btreeInitPage() returns error code %d, xrefs: 02D9F5FB
                                    • Page %d: , xrefs: 02D9F576
                                    • Multiple uses for byte %d of page %d, xrefs: 02D9F981
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_snprintf$_memset
                                    • String ID: Child page depth differs$Corruption detected in cell %d on page %d$Fragmentation of %d bytes reported as %d on page %d$Multiple uses for byte %d of page %d$On page %d at right child: $On tree page %d cell %d: $Page %d: $btreeInitPage() returns error code %d$unable to get the page. error code=%d
                                    • API String ID: 3990553145-4179532167
                                    • Opcode ID: 642027314dd69c6821ce93b6c481b3d9d8cb19ef403ddfd5a175164a9b813532
                                    • Instruction ID: c5db75b86e4fe790ab1d66b9de9eb4619fb4090c64e062e72f2a62a2ae04fe33
                                    • Opcode Fuzzy Hash: 642027314dd69c6821ce93b6c481b3d9d8cb19ef403ddfd5a175164a9b813532
                                    • Instruction Fuzzy Hash: D3E18C72900229AFDF149FA4C840BBEBBB5EF04304F14809AF955EB781D735AE55CBA0
                                    APIs
                                      • Part of subcall function 02DB0643: sqlite3_strnicmp.SQLITE3(?,sqlite_,00000007), ref: 02DB0669
                                    • sqlite3_strnicmp.SQLITE3(00000000,sqlite_,00000007), ref: 02DBF88D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_strnicmp
                                    • String ID: 0$AFTER$BEFORE$cannot create %s trigger on view: %S$cannot create INSTEAD OF trigger on table: %S$cannot create trigger on system table$cannot create triggers on virtual tables$sqlite_$sqlite_master$sqlite_temp_master$temporary trigger may not have qualified name$trigger$trigger %T already exists
                                    • API String ID: 1961171630-3424442728
                                    • Opcode ID: c9a72dff525f4bccfa02f293fdc57c56fb4455f8e149903e27f2addea822acf1
                                    • Instruction ID: 4957f30223188c0dbc8d22f076ea978c3a8567d03549f938639307e14ed2e112
                                    • Opcode Fuzzy Hash: c9a72dff525f4bccfa02f293fdc57c56fb4455f8e149903e27f2addea822acf1
                                    • Instruction Fuzzy Hash: D8A16775A00206EFDF269F64D8A0AEEB7B5EF08314F14405AF916ABB41D770ED41CBA0
                                    APIs
                                    • PyOS_snprintf.PYTHON27(?,00000800,_ssl.c:%d: %s,?,00000000), ref: 03FD1446
                                    • Py_BuildValue.PYTHON27((is),00000000,?), ref: 03FD145C
                                    • PyErr_SetObject.PYTHON27(036AAE28,00000000), ref: 03FD1473
                                    Strings
                                    • A failure in the SSL library occurred, xrefs: 03FD140B
                                    • EOF occurred in violation of protocol, xrefs: 03FD13E9
                                    • The operation did not complete (write), xrefs: 03FD13B9
                                    • (is), xrefs: 03FD1457
                                    • Invalid error code, xrefs: 03FD1417
                                    • Some I/O error occurred, xrefs: 03FD13DD
                                    • _ssl.c:%d: %s, xrefs: 03FD1437
                                    • TLS/SSL connection has been closed, xrefs: 03FD1399
                                    • The operation did not complete (read), xrefs: 03FD13A8
                                    • The operation did not complete (connect), xrefs: 03FD13D1
                                    • The operation did not complete (X509 lookup), xrefs: 03FD13C5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: BuildErr_ObjectS_snprintfValue
                                    • String ID: (is)$A failure in the SSL library occurred$EOF occurred in violation of protocol$Invalid error code$Some I/O error occurred$TLS/SSL connection has been closed$The operation did not complete (X509 lookup)$The operation did not complete (connect)$The operation did not complete (read)$The operation did not complete (write)$_ssl.c:%d: %s
                                    • API String ID: 2553083448-825150957
                                    • Opcode ID: 65705dd00d5824f86f58ad96d6096f4c37ca6acffa07e02a10e358227a9fc8f1
                                    • Instruction ID: c9208cf49346bae60fdf05cc0078a73e81dc8a44af63f1a5d4c72b3142e121c5
                                    • Opcode Fuzzy Hash: 65705dd00d5824f86f58ad96d6096f4c37ca6acffa07e02a10e358227a9fc8f1
                                    • Instruction Fuzzy Hash: 8B31283AE442158BD260DB64EC49FA77259EF43320F0C4176EF54EB780DA2ADC8587D2
                                    APIs
                                    • PyTuple_New.PYTHON27(?), ref: 01191E57
                                    • sqlite3_value_type.SQLITE3 ref: 01191E7F
                                    • sqlite3_value_bytes.SQLITE3 ref: 01191EAC
                                    • PyBuffer_New.PYTHON27(00000000), ref: 01191EB6
                                    • PyObject_AsWriteBuffer.PYTHON27(00000000,?,?), ref: 01191ED3
                                    • sqlite3_value_blob.SQLITE3(?,?), ref: 01191EE9
                                    • memcpy.MSVCR90(?,00000000,?), ref: 01191EF4
                                    • PyTuple_SetItem.PYTHON27(?,00000000,00000000), ref: 01191F83
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Tuple_$BufferBuffer_ItemObject_Writememcpysqlite3_value_blobsqlite3_value_bytessqlite3_value_type
                                    • String ID:
                                    • API String ID: 1580899806-0
                                    • Opcode ID: 902068dc6d3c8379862b1dd4eed38f52fa7fe6d0a60d25622908ebf6abf86160
                                    • Instruction ID: 337dd6d25f897f8294715579383bb8417970e34376285b265d87d98b62081a03
                                    • Opcode Fuzzy Hash: 902068dc6d3c8379862b1dd4eed38f52fa7fe6d0a60d25622908ebf6abf86160
                                    • Instruction Fuzzy Hash: DA41477240821BBFDF2E6F24E84887E7BA9EF55274B044429F835D6181DB309985CB93
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: strncmp$memcpy
                                    • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                    • API String ID: 2549481713-2733969777
                                    • Opcode ID: 4461c51247707880b82905075ab516469a53bd20f9f2eece3702d92f95a16b9b
                                    • Instruction ID: 3f6abb1c8beadd1c947e864a5407695da9c3bd03970482d74bb10e476c47a530
                                    • Opcode Fuzzy Hash: 4461c51247707880b82905075ab516469a53bd20f9f2eece3702d92f95a16b9b
                                    • Instruction Fuzzy Hash: 9AF10775A44342AFD720EF24CD45FABB3E8AB85704F08492DF9899B241E7B0E905C793
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,011973F4,?), ref: 01193EEB
                                      • Part of subcall function 011936E2: PyErr_SetString.PYTHON27(Recursive use of cursors not allowed.,01193762), ref: 011936F3
                                    • PyUnicodeUCS2_AsUTF8String.PYTHON27(?), ref: 01193F2F
                                    • PyString_AsString.PYTHON27(00000000), ref: 01193F42
                                    • PyEval_SaveThread.PYTHON27 ref: 01193F72
                                    • sqlite3_prepare.SQLITE3(?,?,000000FF,?,?), ref: 01193F89
                                    • sqlite3_finalize.SQLITE3(?), ref: 01193FAD
                                    • PyEval_SaveThread.PYTHON27 ref: 01193FBF
                                    • sqlite3_prepare.SQLITE3(?,?,000000FF,?,?), ref: 01193FD7
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,?,000000FF,?,?), ref: 01193FE2
                                    • PyErr_Occurred.PYTHON27 ref: 0119400F
                                      • Part of subcall function 0119563F: PyEval_SaveThread.PYTHON27(00000000,?,01191BBC,?), ref: 01195649
                                      • Part of subcall function 0119563F: sqlite3_step.SQLITE3(?), ref: 01195655
                                      • Part of subcall function 0119563F: PyEval_RestoreThread.PYTHON27(00000000,?), ref: 0119565D
                                    • sqlite3_finalize.SQLITE3(?), ref: 0119401F
                                    • PyErr_SetString.PYTHON27(1E1F35DC,script argument must be unicode or string.), ref: 01194040
                                    Strings
                                    • script argument must be unicode or string., xrefs: 01194039
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$String$Err_Save$Restoresqlite3_finalizesqlite3_prepare$Arg_OccurredParseString_TupleUnicodesqlite3_step
                                    • String ID: script argument must be unicode or string.
                                    • API String ID: 489053144-3925749962
                                    • Opcode ID: 3a209deee5093caed9ed9094f1e936c9d5fc2b3aab0a383bdd37232b1124637d
                                    • Instruction ID: 5a453abdfd9a5d542b42a9c5679f4e7c8e59900319d1495a2b7753dc929e205b
                                    • Opcode Fuzzy Hash: 3a209deee5093caed9ed9094f1e936c9d5fc2b3aab0a383bdd37232b1124637d
                                    • Instruction Fuzzy Hash: D241AD72910205EFDF1D9FA8D848A9DBBB9FF08610F244066E535E7191DB31EA81CF91
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: strncmp$memcpy
                                    • String ID: ,name:$,value:$.\crypto\x509v3\v3_pci.c$file:$hex:$language$pathlen$policy$section:$text:
                                    • API String ID: 2549481713-2070401741
                                    • Opcode ID: 235668da97d02ab56c39482d900a7fd847997407c6a520aef926ce010ea3ce7f
                                    • Instruction ID: 04aa2f8d3f7611ee6bb99759b43a022505aa2bdb5d45a967dae433eebd452dd2
                                    • Opcode Fuzzy Hash: 235668da97d02ab56c39482d900a7fd847997407c6a520aef926ce010ea3ce7f
                                    • Instruction Fuzzy Hash: 84D1E275744302AFD720DF64DC86F67B3EAAF85704F088558E9899F292E7B2E805C781
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: strncmp$memcpy$memset
                                    • String ID: .\ssl\s23_srvr.c$CONNECT$GET $HEAD $POST $PUT
                                    • API String ID: 3067459797-2915226431
                                    • Opcode ID: 4ec99f55c6f5c47bb67a4057ef698f4fec4c6950ca4a063dd66f90783f3f5e4f
                                    • Instruction ID: cfb549b853a645c201a86e31d8d60bb22259799a4d56728f7b0a509f0b1cb4be
                                    • Opcode Fuzzy Hash: 4ec99f55c6f5c47bb67a4057ef698f4fec4c6950ca4a063dd66f90783f3f5e4f
                                    • Instruction Fuzzy Hash: 87F114B0A047839FD720DF26C980BA7BBF9BF44304F08845DE9899B682D3B5E454CB91
                                    APIs
                                    • PyList_New.PYTHON27(00000000), ref: 03FD2530
                                    • PyTuple_New.PYTHON27(00000002,?,?,00000000), ref: 03FD25E1
                                    • PyString_FromString.PYTHON27(DirName,?,?,?,00000000), ref: 03FD25F9
                                    Strings
                                    • DirName, xrefs: 03FD25F4
                                    • _ssl.c:725: No method for internalizing subjectAltName!, xrefs: 03FD2794
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: FromList_StringString_Tuple_
                                    • String ID: DirName$_ssl.c:725: No method for internalizing subjectAltName!
                                    • API String ID: 1269262503-340504809
                                    • Opcode ID: 79cf30fb6e7fe69e8cd8765d8fadab1d040137757487ec967eb798ad7b57e11a
                                    • Instruction ID: 91b351861f98c8eceba28cb32de4b2f4afc64049b614684ea5ad4dc7dfcffb08
                                    • Opcode Fuzzy Hash: 79cf30fb6e7fe69e8cd8765d8fadab1d040137757487ec967eb798ad7b57e11a
                                    • Instruction Fuzzy Hash: FF91EB75E003026BD720EF64DD89A5BB3A9AF84321F0C4A29ED5587281EB35E915C7E3
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memset
                                    • String ID: CREATE %s %.*s$CREATE TABLE %Q.sqlite_sequence(name,seq)$TABLE$UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d$VIEW$parameters are not allowed in views$sqlite_master$sqlite_temp_master$table$tbl_name='%q'$view
                                    • API String ID: 2102423945-3962964538
                                    • Opcode ID: 09d6ce60426a44d8c141bd94d789fe20e288063b3e538f8d50e5aaabe5d9c998
                                    • Instruction ID: aa09993768a101bf043f4e782471da4c5788eca96e3696a8d513d72d0034cdd3
                                    • Opcode Fuzzy Hash: 09d6ce60426a44d8c141bd94d789fe20e288063b3e538f8d50e5aaabe5d9c998
                                    • Instruction Fuzzy Hash: E0B17D75900249EFDB169F64C860BEEBBB6EF04314F184169E81AAB351DB71ED41CFA0
                                    APIs
                                    • sqlite3_strnicmp.SQLITE3(?,sqlite_,00000007), ref: 02DAE69C
                                    Strings
                                    • there is already another table or index with this name: %s, xrefs: 02DAE8CC
                                    • sqlite_sequence, xrefs: 02DAE838
                                    • view %s may not be altered, xrefs: 02DAE6D0
                                    • sqlite_, xrefs: 02DAE696
                                    • sqlite_master, xrefs: 02DAE814, 02DAE824
                                    • UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q, xrefs: 02DAE853
                                    • table %s may not be altered, xrefs: 02DAE6AB
                                    • UPDATE sqlite_master SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;, xrefs: 02DAE7F1
                                    • sqlite_temp_master, xrefs: 02DAE80D
                                    • UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;, xrefs: 02DAE873
                                    • UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q, xrefs: 02DAE828
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_strnicmp
                                    • String ID: UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q$UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q$UPDATE sqlite_master SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;$UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;$sqlite_$sqlite_master$sqlite_sequence$sqlite_temp_master$table %s may not be altered$there is already another table or index with this name: %s$view %s may not be altered
                                    • API String ID: 1961171630-3166984370
                                    • Opcode ID: e8f09ffa46ec956af9b852777af2f2751b5490595b4b801db466694dfcd9c7a8
                                    • Instruction ID: 11b3154616f562fea2c4bc237062acf4daec2ec59783d5f964eeac9fe8a1671e
                                    • Opcode Fuzzy Hash: e8f09ffa46ec956af9b852777af2f2751b5490595b4b801db466694dfcd9c7a8
                                    • Instruction Fuzzy Hash: 3D919272A00205AFDF11ABA4CC65EAEBBB6EF44310F244579E915A7390EB31DD50DFA0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast_fileno_setmodefeoffflushfopenfseekftell
                                    • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                    • API String ID: 2856849789-2085858615
                                    • Opcode ID: 903de363604857a029b616e6a9a15ca8373e613d24c80130fa53498596f5f8b7
                                    • Instruction ID: 4dfb100e0cc713f048ffef95453db42f4b7277887371ab5e5d65cbf804665b68
                                    • Opcode Fuzzy Hash: 903de363604857a029b616e6a9a15ca8373e613d24c80130fa53498596f5f8b7
                                    • Instruction Fuzzy Hash: E4517EB77453091FD700EA58EC45BBAB399DB86312F08057FF749AA1C1E7A3A0098362
                                    APIs
                                    • WSAGetLastError.WS2_32 ref: 01184679
                                      • Part of subcall function 01182DB4: Py_BuildValue.PYTHON27((is),00000000,host not found,?,01184685,00000000), ref: 01182DC4
                                      • Part of subcall function 01182DB4: PyErr_SetObject.PYTHON27(036A8BD8,00000000,?,?,00000000), ref: 01182DDB
                                    • strerror.MSVCR90 ref: 011846A1
                                    • PyErr_SetString.PYTHON27(036A9748,00000000), ref: 011846AF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$BuildErrorLastObjectStringValuestrerror
                                    • String ID: sOO$unsupported address family
                                    • API String ID: 377122382-3039853080
                                    • Opcode ID: 0eaf9e8dcb982c9a5452e5d62d9ad30d9fac4d46eeb150415661f272c85c8a1b
                                    • Instruction ID: e3b04d80ef398b604ada86dc134f0af27ac94d4745393dc86696a669c0e8074f
                                    • Opcode Fuzzy Hash: 0eaf9e8dcb982c9a5452e5d62d9ad30d9fac4d46eeb150415661f272c85c8a1b
                                    • Instruction Fuzzy Hash: 698171B1A043029FD714EFA8D880A1ABBE0FF89724F04862DF95997741E735E945CF92
                                    APIs
                                    • sqlite3_snprintf.SQLITE3(00000020,?,program,?,?,?,?,?,00000000,?,?,?,?,?,00000015), ref: 02DA1A4A
                                    • sqlite3_snprintf.SQLITE3(00000020,?,collseq(%.20s),?,?,?,?,?,?,00000000,?,?,?,?,?,00000015), ref: 02DA1AB8
                                    • sqlite3_snprintf.SQLITE3(00000020,?,keyinfo(%d,?,?,?,?,?,?,00000000,?,?,?,?,?,00000015), ref: 02DA1AE9
                                    • sqlite3_snprintf.SQLITE3(00000020,?,vtab:%p:%p,?,?,?,?,?,?,?,00000000), ref: 02DA1BD1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_snprintf
                                    • String ID: %.16g$%lld$%s(%d)$collseq(%.20s)$intarray$keyinfo(%d$program$vtab:%p:%p
                                    • API String ID: 949980604-3327101093
                                    • Opcode ID: 3aa35429484e8270c3138bc6210ec65f6956cc04f52a11983fd0b7e7beab7e7c
                                    • Instruction ID: 781f13bdd4b26a3dfbf918565f6c9002b3df3ec29e7302457eb7027c1867c33f
                                    • Opcode Fuzzy Hash: 3aa35429484e8270c3138bc6210ec65f6956cc04f52a11983fd0b7e7beab7e7c
                                    • Instruction Fuzzy Hash: B251A271904A05DFDB188FACC8A4E39B7A5EF02614F14868AF46B8B3A1E370DD41CB21
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,s*:write), ref: 03FD1A19
                                    • PyErr_SetString.PYTHON27(036AAE28,Underlying socket has been closed.), ref: 03FD1B83
                                    • PyBuffer_Release.PYTHON27(?), ref: 03FD1B91
                                    Strings
                                    • Underlying socket too large for select()., xrefs: 03FD1AB2
                                    • s*:write, xrefs: 03FD1A13
                                    • The write operation timed out, xrefs: 03FD1A93
                                    • Underlying socket has been closed., xrefs: 03FD1B7D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_Buffer_Err_ParseReleaseStringTuple
                                    • String ID: The write operation timed out$Underlying socket has been closed.$Underlying socket too large for select().$s*:write
                                    • API String ID: 1670958707-1902097850
                                    • Opcode ID: 5b047f2e6b6d9c01e22994b60bb85803c405d0913d3dfee13cba8852604ce45d
                                    • Instruction ID: 9708e5d8f420b31bcd107cd84d4bd8b23cdc16c44d27974861b2d2593cd0e58c
                                    • Opcode Fuzzy Hash: 5b047f2e6b6d9c01e22994b60bb85803c405d0913d3dfee13cba8852604ce45d
                                    • Instruction Fuzzy Hash: 8C411BBAE403056FD770EB74EC8DE6B736BEB80604F4C0929F916C7251F635E4548692
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27 ref: 011831F3
                                    • PyErr_Format.PYTHON27(?,invalid ioctl command %d,?), ref: 01183221
                                    • PyArg_ParseTuple.PYTHON27(?,k(kkk):ioctl,?,?,?,?), ref: 0118324C
                                    • WSAIoctl.WS2_32(?,?,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 01183276
                                    • PyLong_FromUnsignedLong.PYTHON27(?), ref: 01183286
                                    • PyArg_ParseTuple.PYTHON27 ref: 011832AD
                                    • WSAIoctl.WS2_32(?,?,?,00000004,00000000,00000000,?,00000000,00000000), ref: 011832DB
                                    • PyLong_FromUnsignedLong.PYTHON27(?), ref: 011832F6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_ParseTuple$FromIoctlLongLong_Unsigned$Err_Format
                                    • String ID: invalid ioctl command %d$k(kkk):ioctl$kI:ioctl$kO:ioctl
                                    • API String ID: 3968029768-1587499366
                                    • Opcode ID: 01602d4b8ab1f0cb02b063b69a8b5b52ba952c99e6360d67394e3d3eab184cb4
                                    • Instruction ID: 37297c34bdf028ad762ba7ef4213ead250faff5184b1687bbbfbf0ce23e1e273
                                    • Opcode Fuzzy Hash: 01602d4b8ab1f0cb02b063b69a8b5b52ba952c99e6360d67394e3d3eab184cb4
                                    • Instruction Fuzzy Hash: FC319E722143006BD208EB5CDC41F9BB3A9AFC8614F588A18F668D6191E771E648CBA2
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27 ref: 01183324
                                    • PyEval_SaveThread.PYTHON27(?,?,?,?,?,?,?,?), ref: 0118334D
                                    • send.WS2_32(?,?,?,?), ref: 0118337C
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,?,?,?,?,?), ref: 01183385
                                    • _errno.MSVCR90 ref: 01183393
                                    • PyErr_CheckSignals.PYTHON27(?,?,?,?,?,?,?), ref: 0118339B
                                    • PyBuffer_Release.PYTHON27(?), ref: 011833B3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Arg_Buffer_CheckErr_ParseReleaseRestoreSaveSignalsTuple_errnosend
                                    • String ID: s*|i:sendall$timed out
                                    • API String ID: 1765098298-302368731
                                    • Opcode ID: 8e6d30c60b00f05cd47f743e8b76abe2362fe2468e0988864e61d66dd80f8116
                                    • Instruction ID: c66b8d7ab676ee22b552eae0d0b971fb25c8a2af8259b676077bcaad6bbb37d0
                                    • Opcode Fuzzy Hash: 8e6d30c60b00f05cd47f743e8b76abe2362fe2468e0988864e61d66dd80f8116
                                    • Instruction Fuzzy Hash: 4431C2766083009FD718EF68E88896FB7E5FBC4611F048529F92587306E731E989CB93
                                    APIs
                                    • GetStdHandle.KERNEL32(000000F4,03F68799,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,03F72FF2,.\crypto\evp\digest.c,00000150,ctx->digest->md_size <= EVP_MAX_MD_SIZE,?,?,03F7322D,?,?,?), ref: 03F6867A
                                    • GetFileType.KERNEL32(00000000,?,?,03F7322D,?,?,?), ref: 03F68685
                                    • __iob_func.MSVCR90 ref: 03F6869F
                                    • vfprintf.MSVCR90 ref: 03F686A8
                                    • _vsnprintf.MSVCR90 ref: 03F686DF
                                    • GetVersion.KERNEL32 ref: 03F686EF
                                    • RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 03F6870D
                                    • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 03F68731
                                    • DeregisterEventSource.ADVAPI32(00000000), ref: 03F68738
                                    • MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 03F68762
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Event$Source$DeregisterFileHandleMessageRegisterReportTypeVersion__iob_func_vsnprintfvfprintf
                                    • String ID: OPENSSL$OpenSSL: FATAL
                                    • API String ID: 1397504595-1348657634
                                    • Opcode ID: 6289339ba21018123290b8f22fa2c6c078e7dc8bd33e9ad09ea5a581901fc585
                                    • Instruction ID: 742f3f49177acab3b5ee9158c6c7775405204f57abbff59ac55726c161d140ee
                                    • Opcode Fuzzy Hash: 6289339ba21018123290b8f22fa2c6c078e7dc8bd33e9ad09ea5a581901fc585
                                    • Instruction Fuzzy Hash: 082135796443466BEB30EB60CC5EFEB7398AF94300F44081DF6898A0D0EAB5A844C753
                                    APIs
                                    • _malloc.LIBCMT ref: 02DCA14B
                                      • Part of subcall function 02DC9D92: __FF_MSGBANNER.LIBCMT ref: 02DC9DB5
                                      • Part of subcall function 02DC9D92: __NMSG_WRITE.LIBCMT ref: 02DC9DBC
                                      • Part of subcall function 02DC9D92: RtlAllocateHeap.NTDLL(00000000,?,00000000,7622DF80,00000001,?,02D954C7,00000000), ref: 02DC9E09
                                      • Part of subcall function 02DCA809: __getptd_noexit.LIBCMT ref: 02DCA809
                                    • GetLastError.KERNEL32(?,02DCE519,00000000,00000010,?,?,?,02DCE5A5,?,02DDD730,0000000C,02DCE5D1,?,?,02DCB856,02DCDF33), ref: 02DCA2B0
                                    • GetLastError.KERNEL32(?,02DCE519,00000000,00000010,?,?,?,02DCE5A5,?,02DDD730,0000000C,02DCE5D1,?,?,02DCB856,02DCDF33), ref: 02DCA33D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast$AllocateHeap__getptd_noexit_malloc
                                    • String ID:
                                    • API String ID: 857301886-0
                                    • Opcode ID: 32a1558d3f45ec91d17f00a756c5df942fb082cfa4a39674043d67ae162c32f9
                                    • Instruction ID: fe371d898d6062a5113c1bf8e1f7905a073f9a092d268b6022185a6633fa47be
                                    • Opcode Fuzzy Hash: 32a1558d3f45ec91d17f00a756c5df942fb082cfa4a39674043d67ae162c32f9
                                    • Instruction Fuzzy Hash: 78519171D4162FAACF216FA49C5466EBB65EF40764F34861DE895AB380EB348C41CEA0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memset
                                    • String ID: CREATE %s %.*s$CREATE TABLE %Q.sqlite_sequence(name,seq)$TABLE$UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d$VIEW$sqlite_master$sqlite_temp_master$table$tbl_name='%q'$view
                                    • API String ID: 2102423945-2854042851
                                    • Opcode ID: 6ac5387fe6e5a1a43f3f9081b6e10f18507dcca77ac1b3d9857a933cb2bf6c43
                                    • Instruction ID: d9fba31b744c4bb3280109f67c4a3dc0a49ee5df774dec2e44ec6a23ffdfa678
                                    • Opcode Fuzzy Hash: 6ac5387fe6e5a1a43f3f9081b6e10f18507dcca77ac1b3d9857a933cb2bf6c43
                                    • Instruction Fuzzy Hash: E0A16871900204EFDB15DF94C864BAEBBB5EF08324F144199E849AB351DB70ED44CFA0
                                    APIs
                                    • sqlite3_strnicmp.SQLITE3(00000001,sqlite_,00000007), ref: 02DB1A5E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_strnicmp
                                    • String ID: DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'$DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q$DELETE FROM %s.sqlite_sequence WHERE name=%Q$sqlite_$sqlite_master$sqlite_stat1$sqlite_temp_master$table %s may not be dropped$use DROP TABLE to delete table %s$use DROP VIEW to delete view %s
                                    • API String ID: 1961171630-3961206475
                                    • Opcode ID: 3b3e3d18fad4067287450b52ce2361fb7cbca4cff3110f15ab320e2d23049486
                                    • Instruction ID: a3e2f0f38ee7d01d1f023a21eabce2cae302e3a44cf2ed74f6e5f22f892a3e87
                                    • Opcode Fuzzy Hash: 3b3e3d18fad4067287450b52ce2361fb7cbca4cff3110f15ab320e2d23049486
                                    • Instruction Fuzzy Hash: 6C81CD35A00209EFDF16AF65CC60AEABBB2EF05354F148054E80A6B351E771EE50CBA0
                                    APIs
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DAF4A4
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DAF4B0
                                    • sqlite3_result_error.SQLITE3(00000007,00000000,000000FF), ref: 02DAF6F8
                                    • sqlite3_result_error_code.SQLITE3(00000000,00000000), ref: 02DAF717
                                    Strings
                                    • too many attached databases - max %d, xrefs: 02DAF4DC
                                    • unable to open database: %s, xrefs: 02DAF6C5
                                    • out of memory, xrefs: 02DAF6DC
                                    • database is already attached, xrefs: 02DAF5B5
                                    • cannot ATTACH database within transaction, xrefs: 02DAF4F2
                                    • attached databases must use the same text encoding as main database, xrefs: 02DAF600
                                    • database %s is already in use, xrefs: 02DAF554
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_value_text$sqlite3_result_errorsqlite3_result_error_code
                                    • String ID: attached databases must use the same text encoding as main database$cannot ATTACH database within transaction$database %s is already in use$database is already attached$out of memory$too many attached databases - max %d$unable to open database: %s
                                    • API String ID: 1588535969-2001300268
                                    • Opcode ID: 71617246a5df8f94c2233d82b7c0db4264dec193ed1aa9c93330779253ff1ae0
                                    • Instruction ID: 7c8f542db366f05c46ae7332c1c0e3120fcaca46b1fee026a103ee515003385e
                                    • Opcode Fuzzy Hash: 71617246a5df8f94c2233d82b7c0db4264dec193ed1aa9c93330779253ff1ae0
                                    • Instruction Fuzzy Hash: 2681A031A00745AFDF21DFA8D490A9EB7B2EF04318F14849AE455AB751DB71EE40CF61
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memset
                                    • String ID: CREATE %s %.*s$CREATE TABLE %Q.sqlite_sequence(name,seq)$TABLE$UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d$VIEW$sqlite_master$sqlite_temp_master$table$tbl_name='%q'$view
                                    • API String ID: 2102423945-2854042851
                                    • Opcode ID: 950b6ce7a89db0a698dfa3286168f200b387b81144d6e5bc57ec6d1a591fc5a2
                                    • Instruction ID: 24f0f01a93def02a2d538284f4810e665ab3538ad1fe2f9cd9278b268aece70f
                                    • Opcode Fuzzy Hash: 950b6ce7a89db0a698dfa3286168f200b387b81144d6e5bc57ec6d1a591fc5a2
                                    • Instruction Fuzzy Hash: 55918A71A00616AFDF15CF68D840BAEBBB6EF08318F254199E915AB351DB70ED41CFA0
                                    APIs
                                    • sqlite3_strnicmp.SQLITE3(?,trigger,00000001), ref: 02DC80B0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_strnicmp
                                    • String ID: create$end$explain$temp$temporary$trigger
                                    • API String ID: 1961171630-841675879
                                    • Opcode ID: 57d4737218e7d3b3a859872d317faf2a9bb4a7015805e7e7e247dd174f8feb10
                                    • Instruction ID: 72380a474dc31a9c2012ac1070391a5ea26367207e33316aebd735b3dacc1f84
                                    • Opcode Fuzzy Hash: 57d4737218e7d3b3a859872d317faf2a9bb4a7015805e7e7e247dd174f8feb10
                                    • Instruction Fuzzy Hash: 31514A55504A8324EE3B0D284868FBB1BD98E471A8F39154EDCD3D3342E3548D8BF662
                                    APIs
                                    • PyEval_SaveThread.PYTHON27 ref: 03FD1D4F
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 03FD1D7B
                                    • PyErr_CheckSignals.PYTHON27 ref: 03FD1D84
                                    • PyErr_SetString.PYTHON27(036AAE28,_ssl.c:489: The handshake operation timed out), ref: 03FD1DF3
                                    • PyErr_SetString.PYTHON27(036AAE28,_ssl.c:493: Underlying socket has been closed.), ref: 03FD1E0F
                                    Strings
                                    • _ssl.c:493: Underlying socket has been closed., xrefs: 03FD1E09
                                    • _ssl.c:489: The handshake operation timed out, xrefs: 03FD1DED
                                    • _ssl.c:497: Underlying socket too large for select()., xrefs: 03FD1E24
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$Eval_StringThread$CheckRestoreSaveSignals
                                    • String ID: _ssl.c:489: The handshake operation timed out$_ssl.c:493: Underlying socket has been closed.$_ssl.c:497: Underlying socket too large for select().
                                    • API String ID: 2814120482-2313016873
                                    • Opcode ID: b45a002140ed62dc320eabad17a8773f70d61c4c6bbf16dbcf746d7e9ec4145f
                                    • Instruction ID: e70e4e90dbd390969c67a914800b4f96a2fa32323f0d805ff1f02b3eddde6f99
                                    • Opcode Fuzzy Hash: b45a002140ed62dc320eabad17a8773f70d61c4c6bbf16dbcf746d7e9ec4145f
                                    • Instruction Fuzzy Hash: 6D51FABBE403056BD670FB74FC4DA6B737AEB84605F0C0936E606D7205DB36E46486A2
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: fflush$fputs$fprintf
                                    • String ID: Verify failure$Verifying - %s
                                    • API String ID: 1399955606-2434124770
                                    • Opcode ID: 8c9ee6e9aa72ddf6d662bcb1bd1638210b9cbefe6f0ea3e727f6b3caf8296737
                                    • Instruction ID: 778d7b2b3e09f4a9d30f4758b5638dd8684ba2035567f15a0faedb42c3dec936
                                    • Opcode Fuzzy Hash: 8c9ee6e9aa72ddf6d662bcb1bd1638210b9cbefe6f0ea3e727f6b3caf8296737
                                    • Instruction Fuzzy Hash: E331B2FBE15A5127C900FB7D7D56EAB336D9F51114F080424F805AB242EA2AED9183A6
                                    APIs
                                    • PyInt_AsLong.PYTHON27(?), ref: 01194C0F
                                    • PyTuple_GetItem.PYTHON27(?,00000000), ref: 01194C1C
                                    • PyLong_AsLong.PYTHON27(?), ref: 01194C3D
                                    • PyString_AsString.PYTHON27(?), ref: 01194C58
                                    • PyTuple_Size.PYTHON27(?), ref: 01194C63
                                    • PyString_AsString.PYTHON27(00000000), ref: 01194C89
                                    • PyTuple_GetItem.PYTHON27(?,00000000), ref: 01194CD5
                                    • PyErr_SetString.PYTHON27(1E1F3204,Index must be int or string), ref: 01194D02
                                    Strings
                                    • Index must be int or string, xrefs: 01194CF6
                                    • No item with that key, xrefs: 01194CC8
                                    • slices not implemented, yet, xrefs: 01194CEF
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: StringTuple_$ItemLongString_$Err_Int_Long_Size
                                    • String ID: Index must be int or string$No item with that key$slices not implemented, yet
                                    • API String ID: 890561671-1044043803
                                    • Opcode ID: 63386761ffcc953cd5cb95ffa004ca4e7294d514c3e901840d498eab9b401f79
                                    • Instruction ID: 41298c40fadb64413a29026406e9ab1b51cff0483391a827da24fdbb48e677ce
                                    • Opcode Fuzzy Hash: 63386761ffcc953cd5cb95ffa004ca4e7294d514c3e901840d498eab9b401f79
                                    • Instruction Fuzzy Hash: E031B435914244AFEF1D8F68EA04BA97FF5FF06211F1480A9E93187695C731E982CF10
                                    APIs
                                    • PyArg_ParseTupleAndKeywords.PYTHON27 ref: 011838BF
                                    • PyErr_SetString.PYTHON27(00000000,negative buffersize in recv_into,?,?,?,?,?,?,?,?), ref: 011838E6
                                    • PyBuffer_Release.PYTHON27(?,?,?,?,?,?,?,?,?,?), ref: 011838F4
                                    Strings
                                    • negative buffersize in recv_into, xrefs: 011838E0
                                    • buffer too small for requested bytes, xrefs: 0118394F
                                    • w*|ii:recv_into, xrefs: 011838A8
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_Buffer_Err_KeywordsParseReleaseStringTuple
                                    • String ID: buffer too small for requested bytes$negative buffersize in recv_into$w*|ii:recv_into
                                    • API String ID: 3378295552-475168351
                                    • Opcode ID: a379bbba8c12c30953c4f468cf5f26f320f08105c2da8b45ebe08605292aa5a9
                                    • Instruction ID: 44c5c0efad938e2b060b2aba13df5a6a13c9e8d88ce92960fe6e46a4ae3d9872
                                    • Opcode Fuzzy Hash: a379bbba8c12c30953c4f468cf5f26f320f08105c2da8b45ebe08605292aa5a9
                                    • Instruction Fuzzy Hash: 3D21C374514201AFDA18EB18DC84A6F77E9BFC4709F44C92CF86986205F335D558CBA3
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27 ref: 0118262B
                                    • PyEval_SaveThread.PYTHON27 ref: 01182648
                                    • htons.WS2_32(?), ref: 0118265A
                                    • getservbyport.WS2_32 ref: 01182664
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 0118266D
                                    • PyErr_SetString.PYTHON27(036A9748,port/proto not found), ref: 01182685
                                    • PyString_FromString.PYTHON27 ref: 01182699
                                    • PyErr_SetString.PYTHON27(00000000,getservbyport: port must be 0-65535.), ref: 011826B6
                                    Strings
                                    • i|s:getservbyport, xrefs: 0118261D
                                    • port/proto not found, xrefs: 0118267F
                                    • getservbyport: port must be 0-65535., xrefs: 011826B0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: String$Err_Eval_Thread$Arg_FromParseRestoreSaveString_Tuplegetservbyporthtons
                                    • String ID: getservbyport: port must be 0-65535.$i|s:getservbyport$port/proto not found
                                    • API String ID: 1249167635-2289527662
                                    • Opcode ID: 82b2b321925f2ca96998ea48c6ea9993612d4748e90da62f55d65ebfa631608f
                                    • Instruction ID: 340fa420f4923f21853c2ec759064e5e2759416d9ec9bd8649f0eb093d1ad5ec
                                    • Opcode Fuzzy Hash: 82b2b321925f2ca96998ea48c6ea9993612d4748e90da62f55d65ebfa631608f
                                    • Instruction Fuzzy Hash: 891191705002009FD728EB68EC4996F7BE8BFC4616F44C839FC55C2246E735D498CBA2
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(00000000,00000002,?,?,?,?,?,02D92459), ref: 02DC8263
                                    • sqlite3_mutex_leave.SQLITE3(00000000,?,?,?,?,?,02D92459), ref: 02DC82B8
                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,02D92459), ref: 02DC82CC
                                    • _memset.LIBCMT ref: 02DC82F8
                                    • sqlite3_config.SQLITE3(0000000E,02DE0ED8), ref: 02DC831C
                                    • sqlite3_initialize.SQLITE3 ref: 02DC833C
                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,02D92459), ref: 02DC8392
                                    • sqlite3_mutex_enter.SQLITE3(00000000,?,?,?,?,02D92459), ref: 02DC8398
                                    • sqlite3_mutex_free.SQLITE3(?,?,?,02D92459), ref: 02DC83B3
                                    • sqlite3_mutex_leave.SQLITE3(00000000,?,?,?,02D92459), ref: 02DC83C0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$_memsetsqlite3_configsqlite3_initializesqlite3_mutex_free
                                    • String ID:
                                    • API String ID: 83656133-0
                                    • Opcode ID: 70270ad10613b91bdb5a901385a52d3ec089ca12198f1c4c623ffd8d7c812190
                                    • Instruction ID: 7d30ad49c6b8f7e328d5a167f96988be782ba498e6f80572451389396adb3862
                                    • Opcode Fuzzy Hash: 70270ad10613b91bdb5a901385a52d3ec089ca12198f1c4c623ffd8d7c812190
                                    • Instruction Fuzzy Hash: B541AF72D84216DEDF227B60B8889297365E700316B30992EE945FB740EFB21C60DFA0
                                    APIs
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyImport_ImportModule.PYTHON27(sqlite3.dump), ref: 01192C56
                                    • PyModule_GetDict.PYTHON27(00000000), ref: 01192C65
                                    • PyDict_GetItemString.PYTHON27(00000000,_iterdump), ref: 01192C76
                                    • PyErr_SetString.PYTHON27(Failed to obtain _iterdump() reference), ref: 01192C8F
                                    • PyTuple_New.PYTHON27(00000001), ref: 01192CC7
                                    • PyTuple_SetItem.PYTHON27(00000000,00000000,00000001), ref: 01192CDA
                                    • PyObject_CallObject.PYTHON27(00000000,00000000), ref: 01192CE2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: String$Err_ItemTuple_$CallDictDict_ImportImport_ModuleModule_ObjectObject_
                                    • String ID: Failed to obtain _iterdump() reference$_iterdump$sqlite3.dump
                                    • API String ID: 1297115087-1016977147
                                    • Opcode ID: 5897f3942252e2e2938982f80967ae4490708c652ad4088b87ddf21dcb1603c5
                                    • Instruction ID: eaa3fb50a2c403be04559cb04b4fa85390e1b0c580df6f4ee007961e0ec26f9b
                                    • Opcode Fuzzy Hash: 5897f3942252e2e2938982f80967ae4490708c652ad4088b87ddf21dcb1603c5
                                    • Instruction Fuzzy Hash: 0E21A1B6610202FFDF1C9BA8E808AAA7BB8EF44721F200069F525D3185DB30D8418B64
                                    APIs
                                    • PyErr_Occurred.PYTHON27 ref: 011824C1
                                    • PyLong_AsUnsignedLong.PYTHON27(?), ref: 011824D8
                                    • PyErr_Occurred.PYTHON27 ref: 011824EE
                                    • PyErr_Occurred.PYTHON27 ref: 011824F4
                                    • htonl.WS2_32(00000000), ref: 011824FB
                                    • PyLong_FromUnsignedLong.PYTHON27(00000000), ref: 01182502
                                    • PyErr_SetString.PYTHON27(?,can't convert negative number to unsigned long), ref: 0118253C
                                    Strings
                                    • can't convert negative number to unsigned long, xrefs: 01182536
                                    • expected int/long, %s found, xrefs: 01182519
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$Occurred$LongLong_Unsigned$FromStringhtonl
                                    • String ID: can't convert negative number to unsigned long$expected int/long, %s found
                                    • API String ID: 2327721527-1357850682
                                    • Opcode ID: 01588cb79e0d75947b9bad35dd40f4d7c77f63b2191dee8fb9d595bfb7ffaa64
                                    • Instruction ID: 42bbffa57838172941fa1b6ab0c5eb947bda8f81f6f034b36de983520eab0870
                                    • Opcode Fuzzy Hash: 01588cb79e0d75947b9bad35dd40f4d7c77f63b2191dee8fb9d595bfb7ffaa64
                                    • Instruction Fuzzy Hash: 0E11A0726001104BD66AAB6DFC48E9E7764EBC0634B05C274F926C728BD331D8C2CFA0
                                    APIs
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB4E07
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB4E1B
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB4E2A
                                    • sqlite3_result_value.SQLITE3(?,?), ref: 02DB4E46
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB4E55
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB4E62
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB4E77
                                    • sqlite3_realloc.SQLITE3(00000000,?), ref: 02DB4F2A
                                    • sqlite3_result_error_toobig.SQLITE3(?), ref: 02DB4FD2
                                    • sqlite3_result_error_nomem.SQLITE3(?), ref: 02DB4FE7
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_reallocsqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_value
                                    • String ID:
                                    • API String ID: 300846497-0
                                    • Opcode ID: f5d7063e45f354912427a3c5882366e23484005b33a1fcabea2d80d83b7457ad
                                    • Instruction ID: fdbf545efab16e1222d2e7147f8ce908c9302a2185e2ac13c92b2a09285f4700
                                    • Opcode Fuzzy Hash: f5d7063e45f354912427a3c5882366e23484005b33a1fcabea2d80d83b7457ad
                                    • Instruction Fuzzy Hash: DC518272508341AFDB15DF28C86495ABBE6EF88364F14891EF88997391DB30ED44CF92
                                    APIs
                                    • sqlite3_reset.SQLITE3(00000000,01191C05), ref: 01195675
                                    • sqlite3_errcode.SQLITE3(?,?,01191C05), ref: 0119567D
                                    • PyErr_Clear.PYTHON27(?,01191C05), ref: 01195698
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ClearErr_sqlite3_errcodesqlite3_reset
                                    • String ID:
                                    • API String ID: 740995139-0
                                    • Opcode ID: 1689834dcce426129ac4d22dce978773f8ead1380f15babfeadcd65013edf236
                                    • Instruction ID: 603d321da7e31978ead9186090d8090246d8059cd1a76c4377d07cf172328d61
                                    • Opcode Fuzzy Hash: 1689834dcce426129ac4d22dce978773f8ead1380f15babfeadcd65013edf236
                                    • Instruction Fuzzy Hash: 39012534008811EE9F9F2A29BC48D3E3AABEB522147C14177F432B5068CB255E919B6B
                                    APIs
                                      • Part of subcall function 02D99F9A: sqlite3_mutex_try.SQLITE3(?,02D9C322,?,?,?,?,00000000,02DA21D6,?,?,?,02DA1C88,?,00000000,?,02DA0AB7), ref: 02D99FAF
                                    • sqlite3_free.SQLITE3(?), ref: 02D9FBCB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_freesqlite3_mutex_try
                                    • String ID: N$List of tree roots: $Main freelist: $Outstanding page count goes from %d to %d during this analysis$Page %d is never used$Pointer map page %d is referenced$d$d N
                                    • API String ID: 2106478074-535074145
                                    • Opcode ID: d2cd71ceeab4b8192155cdfff8b87e0297851bcf358693f7484142a23fc302f3
                                    • Instruction ID: d4c3dc3d6c1ccee73d51faa337761c25e70e7d0399b6799755df433c609178bb
                                    • Opcode Fuzzy Hash: d2cd71ceeab4b8192155cdfff8b87e0297851bcf358693f7484142a23fc302f3
                                    • Instruction Fuzzy Hash: DF717771A00218AFCF11DFA8E880A9EBBB5EF49314F10445AF841EB350D771AE52CFA1
                                    APIs
                                    • sqlite3_mprintf.SQLITE3(not authorized,?,?,?,?,?,02DB8A92,?,?,?,?), ref: 02DB88DD
                                    • sqlite3_snprintf.SQLITE3(0000012C,00000000,unable to open shared library [%s],?,?,?,?,?,?,02DB8A92,?,?,?,?), ref: 02DB892C
                                    • sqlite3_snprintf.SQLITE3(0000012C,00000000,no entry point [%s] in shared library [%s],00020000,?), ref: 02DB8993
                                    • sqlite3_mprintf.SQLITE3(error during initialization: %s,?), ref: 02DB89EB
                                    • sqlite3_free.SQLITE3(?), ref: 02DB89F7
                                    Strings
                                    • no entry point [%s] in shared library [%s], xrefs: 02DB898C
                                    • error during initialization: %s, xrefs: 02DB89E6
                                    • unable to open shared library [%s], xrefs: 02DB8925
                                    • not authorized, xrefs: 02DB88D8
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mprintfsqlite3_snprintf$sqlite3_free
                                    • String ID: error during initialization: %s$no entry point [%s] in shared library [%s]$not authorized$unable to open shared library [%s]
                                    • API String ID: 1519373342-2940154166
                                    • Opcode ID: 0c0a2dae98e9579fbf10ae00277f2f5bf351fe87b6dd3ad8b94837a40139ef29
                                    • Instruction ID: 36f71a9d940bceec9aa6d1bfd646dac7ce2d0782ae286b82a77bba7c1f851227
                                    • Opcode Fuzzy Hash: 0c0a2dae98e9579fbf10ae00277f2f5bf351fe87b6dd3ad8b94837a40139ef29
                                    • Instruction Fuzzy Hash: 30517C75504606FBDF16AFA4DC94AAE7BA9EF08304F104429F906D6240EB31DE20EF61
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_ParseTuplegetsockopt
                                    • String ID: getsockopt buflen out of range$ii|i:getsockopt
                                    • API String ID: 380196060-2750947780
                                    • Opcode ID: f82cd12ea45bc4f457d640512ae42e3d427a9855e0f70bc3b54aa706972686aa
                                    • Instruction ID: 05fa5e51703063620d597fc530b959b8264339386878ee3a6d518faa5e530853
                                    • Opcode Fuzzy Hash: f82cd12ea45bc4f457d640512ae42e3d427a9855e0f70bc3b54aa706972686aa
                                    • Instruction Fuzzy Hash: 64316DB15082029FD718EF58DC84E5BB7E9FFC4204F84895CF99983212E731E949CBA2
                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyErr_Occurred.PYTHON27 ref: 01191CE9
                                      • Part of subcall function 011916D3: PyList_Size.PYTHON27(?,00000000,?,00000000,01191B7E,00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 011916E1
                                      • Part of subcall function 011916D3: PyList_GetItem.PYTHON27(?,00000000,00000000,01191B7E,00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 011916EC
                                      • Part of subcall function 011916D3: PyWeakref_GetObject.PYTHON27(00000000,?,011915A1,?,?), ref: 011916F3
                                      • Part of subcall function 011916D3: PyList_Size.PYTHON27(?,?,?,?,?,?,?,?), ref: 0119171D
                                      • Part of subcall function 011916D3: PyList_Size.PYTHON27(?,00000000,01191B7E,00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 0119172F
                                      • Part of subcall function 011916D3: PyList_GetItem.PYTHON27(?,00000000,011915A1,?,?), ref: 0119173A
                                      • Part of subcall function 011916D3: PyWeakref_GetObject.PYTHON27(00000000), ref: 01191741
                                      • Part of subcall function 011916D3: PyList_Size.PYTHON27(?), ref: 0119175D
                                    • PyEval_SaveThread.PYTHON27(00000002,00000001), ref: 01191C68
                                    • sqlite3_prepare.SQLITE3(?,ROLLBACK,000000FF,?,00000000), ref: 01191C7E
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,ROLLBACK,000000FF,?,00000000), ref: 01191C87
                                    • PyEval_SaveThread.PYTHON27 ref: 01191CB9
                                    • sqlite3_finalize.SQLITE3(?), ref: 01191CC0
                                    • PyEval_RestoreThread.PYTHON27(00000000,?), ref: 01191CC8
                                    • PyErr_Occurred.PYTHON27 ref: 01191CD4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: List_$Err_Eval_SizeThread$ItemObjectOccurredRestoreSaveThread_get_thread_identWeakref_$FormatStringsqlite3_finalizesqlite3_prepare
                                    • String ID: ROLLBACK
                                    • API String ID: 3124533063-1608819330
                                    • Opcode ID: 780cefe254394ae62aca862dbc94a5ccb3230e18ce9fcb6903428550510e3b56
                                    • Instruction ID: d4efeb95f3a569fbe03e431eb4d7ef419ec68959afaaf594c4e63005610d9884
                                    • Opcode Fuzzy Hash: 780cefe254394ae62aca862dbc94a5ccb3230e18ce9fcb6903428550510e3b56
                                    • Instruction Fuzzy Hash: 4E21B335900217FBDF2DABB9EC4495DB7A9BF05264B144172E931B3280DB70DD808B90
                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyErr_Occurred.PYTHON27(011915A1,?,?,011915A1,?,?), ref: 01191C07
                                      • Part of subcall function 011916D3: PyList_Size.PYTHON27(?,00000000,?,00000000,01191B7E,00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 011916E1
                                      • Part of subcall function 011916D3: PyList_GetItem.PYTHON27(?,00000000,00000000,01191B7E,00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 011916EC
                                      • Part of subcall function 011916D3: PyWeakref_GetObject.PYTHON27(00000000,?,011915A1,?,?), ref: 011916F3
                                      • Part of subcall function 011916D3: PyList_Size.PYTHON27(?,?,?,?,?,?,?,?), ref: 0119171D
                                      • Part of subcall function 011916D3: PyList_Size.PYTHON27(?,00000000,01191B7E,00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 0119172F
                                      • Part of subcall function 011916D3: PyList_GetItem.PYTHON27(?,00000000,011915A1,?,?), ref: 0119173A
                                      • Part of subcall function 011916D3: PyWeakref_GetObject.PYTHON27(00000000), ref: 01191741
                                      • Part of subcall function 011916D3: PyList_Size.PYTHON27(?), ref: 0119175D
                                    • PyEval_SaveThread.PYTHON27(00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 01191B84
                                    • sqlite3_prepare.SQLITE3(?,COMMIT,000000FF,?,?,?,011915A1,?,?), ref: 01191B9B
                                    • PyEval_RestoreThread.PYTHON27(011915A1,?,COMMIT,000000FF,?,?,?,011915A1,?,?), ref: 01191BA6
                                      • Part of subcall function 0119563F: PyEval_SaveThread.PYTHON27(00000000,?,01191BBC,?), ref: 01195649
                                      • Part of subcall function 0119563F: sqlite3_step.SQLITE3(?), ref: 01195655
                                      • Part of subcall function 0119563F: PyEval_RestoreThread.PYTHON27(00000000,?), ref: 0119565D
                                    • PyEval_SaveThread.PYTHON27 ref: 01191BD5
                                    • sqlite3_finalize.SQLITE3(?), ref: 01191BDC
                                    • PyEval_RestoreThread.PYTHON27(00000000,?), ref: 01191BE5
                                    • PyErr_Occurred.PYTHON27 ref: 01191BF2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_List_Thread$Err_Size$RestoreSave$ItemObjectOccurredThread_get_thread_identWeakref_$FormatStringsqlite3_finalizesqlite3_preparesqlite3_step
                                    • String ID: COMMIT
                                    • API String ID: 2370107235-3190614315
                                    • Opcode ID: 91eaae15a2e63ffe3ab2d25594006ba8e2ace42ac04385cf8d946f392b155927
                                    • Instruction ID: 786802533d2fb7c1540ad1a696ef2561e56bf8c87702422b9ddd0d0f6b953e53
                                    • Opcode Fuzzy Hash: 91eaae15a2e63ffe3ab2d25594006ba8e2ace42ac04385cf8d946f392b155927
                                    • Instruction Fuzzy Hash: 1E218671900117FBDF1EAFB5DC4485DBBBAFF05624B144566E535A3241EB3099C09F90
                                    APIs
                                    • PyErr_Occurred.PYTHON27 ref: 011823D5
                                    • PyLong_AsUnsignedLong.PYTHON27(?), ref: 011823EB
                                    • PyErr_Occurred.PYTHON27 ref: 011823FB
                                    • htonl.WS2_32(00000000), ref: 01182406
                                    • PyLong_FromUnsignedLong.PYTHON27(00000000), ref: 0118240D
                                    • PyErr_SetString.PYTHON27(?,can't convert negative number to unsigned long), ref: 01182445
                                    Strings
                                    • can't convert negative number to unsigned long, xrefs: 0118243F
                                    • expected int/long, %s found, xrefs: 01182423
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$LongLong_OccurredUnsigned$FromStringhtonl
                                    • String ID: can't convert negative number to unsigned long$expected int/long, %s found
                                    • API String ID: 2699002676-1357850682
                                    • Opcode ID: 2f3cbc9e965e21e1b74c1f92917bcf859108108a7be2611dc962d26e6492c0b8
                                    • Instruction ID: 1748d96617d6370e5537a7106cc4b995ca9791ca024402af0dac0bafc5cf84bf
                                    • Opcode Fuzzy Hash: 2f3cbc9e965e21e1b74c1f92917bcf859108108a7be2611dc962d26e6492c0b8
                                    • Instruction Fuzzy Hash: 8101C0306001208BE66DAB6CF848A9A7764EB84624B05C278FD258728BC735D8C2CFA1
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27 ref: 011826E3
                                    • PyEval_SaveThread.PYTHON27 ref: 011826F6
                                    • getservbyname.WS2_32(?,?), ref: 01182708
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 01182711
                                    • PyErr_SetString.PYTHON27(036A9748,service/proto not found), ref: 0118272A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuplegetservbyname
                                    • String ID: service/proto not found$s|s:getservbyname
                                    • API String ID: 2144275398-238889415
                                    • Opcode ID: fb25c5cf45455cf3a2d8b6f3e1f113cd82c9d64953f98d82fe5ac531bbea00b5
                                    • Instruction ID: 69b468ae903decd176ccb430bf0d19f7c9536eedecd8212ed835da0d0793f486
                                    • Opcode Fuzzy Hash: fb25c5cf45455cf3a2d8b6f3e1f113cd82c9d64953f98d82fe5ac531bbea00b5
                                    • Instruction Fuzzy Hash: 0E01B5755002009FC728AB69FC49A6F77A8AFC4616F84C439FD96C2206F735D458CBA2
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: strncmp
                                    • String ID: .\crypto\asn1\asn1_gen.c$ASCII$BITLIST$HEX$UTF8$tag=
                                    • API String ID: 1114863663-1907351001
                                    • Opcode ID: e394e9a51d6640ad7520630de37df6a9289d603bcacb9f00d3ba6b45d993693d
                                    • Instruction ID: 58e8093e27223a8c105ba7ee03b8d32679a96351bdb91f00655cf49799b6cd73
                                    • Opcode Fuzzy Hash: e394e9a51d6640ad7520630de37df6a9289d603bcacb9f00d3ba6b45d993693d
                                    • Instruction Fuzzy Hash: C7713E727A43016BE710FA58EC81FBAB3959B80B31F18417BF6159E2C2D7F2D44A4752
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: isspace$tolower
                                    • String ID:
                                    • API String ID: 3214593294-0
                                    • Opcode ID: d586c1ae5bfdfdcfaaa2ef9d6504eafcc7b35ce13b7c969e4e443eb29ea7e496
                                    • Instruction ID: d634821d83757821e70acbf192f606bc674c2b152dbaa30e2f4d291c002d43bf
                                    • Opcode Fuzzy Hash: d586c1ae5bfdfdcfaaa2ef9d6504eafcc7b35ce13b7c969e4e443eb29ea7e496
                                    • Instruction Fuzzy Hash: 913120EBD187F703DB21D2AA1D3473B76579D83056F1C0BB9AC9DEE241E521E900C5A1
                                    APIs
                                    • sqlite3_malloc.SQLITE3(00000050), ref: 02DBF51F
                                    • sqlite3_exec.SQLITE3(00000001,?,02DBF3B8,?,?), ref: 02DBF54D
                                      • Part of subcall function 02DB8603: sqlite3_mutex_enter.SQLITE3(?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8633
                                      • Part of subcall function 02DB8603: sqlite3_prepare.SQLITE3(00000000,?,000000FF,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8686
                                      • Part of subcall function 02DB8603: sqlite3_column_count.SQLITE3(?,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB86AD
                                      • Part of subcall function 02DB8603: sqlite3_step.SQLITE3(?,?,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB86BB
                                      • Part of subcall function 02DB8603: sqlite3_column_name.SQLITE3(?,00000000,?,?,?,00000000,00000000,00000000,?,00000003,?,00000000,?,00000000,00000001), ref: 02DB8722
                                    • sqlite3_mprintf.SQLITE3(02DDA2A8,?,?), ref: 02DBF589
                                    • sqlite3_free.SQLITE3(?), ref: 02DBF57C
                                      • Part of subcall function 02D92CBC: sqlite3_mutex_enter.SQLITE3(00000000,02DC835C,00000000), ref: 02D92CD4
                                      • Part of subcall function 02D92CBC: sqlite3_mutex_leave.SQLITE3 ref: 02D92CF8
                                    • sqlite3_free.SQLITE3(?), ref: 02DBF596
                                    • sqlite3_realloc.SQLITE3(?,00000001), ref: 02DBF5CE
                                    • sqlite3_free_table.SQLITE3(?), ref: 02DBF56B
                                      • Part of subcall function 02DBF61B: sqlite3_free.SQLITE3(?,00000000,00000000,?,02DBF5E5,?), ref: 02DBF63A
                                      • Part of subcall function 02DBF61B: sqlite3_free.SQLITE3(02DBF5E1,00000000,00000000,?,02DBF5E5,?), ref: 02DBF646
                                    • sqlite3_free.SQLITE3(?), ref: 02DBF5A4
                                    • sqlite3_free_table.SQLITE3(?), ref: 02DBF5B5
                                    • sqlite3_free_table.SQLITE3(?), ref: 02DBF5E0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_free$sqlite3_free_table$sqlite3_mutex_enter$sqlite3_column_countsqlite3_column_namesqlite3_execsqlite3_mallocsqlite3_mprintfsqlite3_mutex_leavesqlite3_preparesqlite3_reallocsqlite3_step
                                    • String ID:
                                    • API String ID: 2723702724-0
                                    • Opcode ID: a7cf492bba4aa9401309c9632366d359bde5beed94eec2a925f62bd66fb8c7e2
                                    • Instruction ID: 56da359ee32a141f43afd06f83cacdb691292031cdf54b28a8b3567ba3c839f3
                                    • Opcode Fuzzy Hash: a7cf492bba4aa9401309c9632366d359bde5beed94eec2a925f62bd66fb8c7e2
                                    • Instruction Fuzzy Hash: 6B413671A00209EFDB12DF68DC909AEBBB6EF84704F204419F816EB760D7319E51CBA0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: tcp$udp
                                    • API String ID: 0-3725065008
                                    • Opcode ID: a21229534dcfbd29caa19f79c56b723c030e1a0d720cf7d98ae55507f1c09595
                                    • Instruction ID: edc5207fc3b6f29ba05bb81896dfd7b6ece925cf881f2b8b14155650c48ed64d
                                    • Opcode Fuzzy Hash: a21229534dcfbd29caa19f79c56b723c030e1a0d720cf7d98ae55507f1c09595
                                    • Instruction Fuzzy Hash: 6A81F232A143119BD729EF1DD444A6FBBA0FB84B10F48C62EF9A487291C735D945CFA2
                                    Strings
                                    • unable to close due to unfinished backup operation, xrefs: 02DC888F
                                    • unable to close due to unfinalised statements, xrefs: 02DC8814
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: unable to close due to unfinalised statements$unable to close due to unfinished backup operation
                                    • API String ID: 0-3213132775
                                    • Opcode ID: 5236db6844620e28bf0d29af45be97cd5de616437f9dccb3a69fa72f51c4a269
                                    • Instruction ID: d8e536016d5478d2de4b83d7b4fd7487055b71834f9fe426d59d751f71245747
                                    • Opcode Fuzzy Hash: 5236db6844620e28bf0d29af45be97cd5de616437f9dccb3a69fa72f51c4a269
                                    • Instruction Fuzzy Hash: 8561B032604613BFDB1A9F24D884FA9B361FF44324F24811DE949A7750DB31EC51EBA1
                                    APIs
                                    • sqlite3_value_blob.SQLITE3 ref: 02DB4BE7
                                    • sqlite3_result_text.SQLITE3(?,00000000,000000FF,000000FF,-00000002,?,00000002,00000000), ref: 02DB4C71
                                    • sqlite3_free.SQLITE3(00000000,?,00000000,000000FF,000000FF,-00000002,?,00000002,00000000), ref: 02DB4C77
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB4BF3
                                      • Part of subcall function 02DB4574: sqlite3_result_error_toobig.SQLITE3(?,00000000,02DB45EC,-00000001), ref: 02DB458D
                                    • sqlite3_value_text.SQLITE3 ref: 02DB4C85
                                    • sqlite3_result_value.SQLITE3(?), ref: 02DB4D04
                                    • sqlite3_result_text.SQLITE3(?,NULL,00000004,00000000), ref: 02DB4D18
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_result_text$sqlite3_freesqlite3_result_error_toobigsqlite3_result_valuesqlite3_value_blobsqlite3_value_bytessqlite3_value_text
                                    • String ID: NULL
                                    • API String ID: 3550221541-324932091
                                    • Opcode ID: 5fe9c2a4013b5cac928ed9f877b01cccefca5b5190ac17897cce97c50ee03c12
                                    • Instruction ID: f734e066f8a8373bd3b2b43d7cd055d60b3e149f4c1d2b8d41fd1cc84969c9e8
                                    • Opcode Fuzzy Hash: 5fe9c2a4013b5cac928ed9f877b01cccefca5b5190ac17897cce97c50ee03c12
                                    • Instruction Fuzzy Hash: D641A86240C281DEEB13DE349C75ABA7F96CF46615F2845ADE4C647383D6229C05C7B1
                                    APIs
                                    • PyEval_SaveThread.PYTHON27 ref: 03FD1554
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 03FD158B
                                    • PyErr_SetString.PYTHON27(036AAE28,The read operation timed out), ref: 03FD161F
                                    • PyErr_SetString.PYTHON27(036AAE28,Underlying socket too large for select().), ref: 03FD163B
                                    Strings
                                    • Underlying socket too large for select()., xrefs: 03FD1635
                                    • The read operation timed out, xrefs: 03FD1619
                                    • The write operation timed out, xrefs: 03FD165D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_Eval_StringThread$RestoreSave
                                    • String ID: The read operation timed out$The write operation timed out$Underlying socket too large for select().
                                    • API String ID: 3552522581-1107136764
                                    • Opcode ID: 8e7e3768d23d5fa832c31a5d971f038816d8377411f357c916a2b9ff50a518c0
                                    • Instruction ID: ec7897d98cadec2a638e5a70f421d89f34f9cd1ddec35b3109ba789d07727ea3
                                    • Opcode Fuzzy Hash: 8e7e3768d23d5fa832c31a5d971f038816d8377411f357c916a2b9ff50a518c0
                                    • Instruction Fuzzy Hash: 89415BBAA443056BD730EBB4EC8DBA7737AEB80315F0C092AE60787241DB76E4548791
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27 ref: 03FD2C98
                                    • PyErr_SetString.PYTHON27(036AAE28,Can't malloc memory to read file,?,?,?,?), ref: 03FD2CCA
                                    Strings
                                    • Can't malloc memory to read file, xrefs: 03FD2CC4
                                    • Error decoding PEM-encoded file, xrefs: 03FD2D2F
                                    • Can't open file, xrefs: 03FD2CF7
                                    • s|i:test_decode_certificate, xrefs: 03FD2C84
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_Err_ParseStringTuple
                                    • String ID: Can't malloc memory to read file$Can't open file$Error decoding PEM-encoded file$s|i:test_decode_certificate
                                    • API String ID: 385655187-2304840281
                                    • Opcode ID: d3bd59b9e1269e85231e2100b3f865aa653757f5a5ffa1790011da805543866f
                                    • Instruction ID: 5da36361c9003b70dce141c4d528dde33b335f577f2080bbe1165530dae9867e
                                    • Opcode Fuzzy Hash: d3bd59b9e1269e85231e2100b3f865aa653757f5a5ffa1790011da805543866f
                                    • Instruction Fuzzy Hash: 6F21DB7AE402056BD600FB68BC8A86F776DAB80565F4C0539FD0986201F66A995D82E3
                                    APIs
                                    • Py_BuildValue.PYTHON27(is#,?,-00000002,0000000E,?,00000000,?,01185311), ref: 01184BAA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: BuildValue
                                    • String ID: OiII$is#
                                    • API String ID: 3383912721-942076931
                                    • Opcode ID: 4a02ed2185baedf43505c701396f36379920bfc2f3824e47b7f78aa349bd25f7
                                    • Instruction ID: b7cd3ccee2d4898adb55e44d30ae7e0d37feb3b569018596aa9677e4d33931b3
                                    • Opcode Fuzzy Hash: 4a02ed2185baedf43505c701396f36379920bfc2f3824e47b7f78aa349bd25f7
                                    • Instruction Fuzzy Hash: CD212C71200212ABD3283B5DEC45A7F73A8EB84621B11C229F97586645D775DC92CBB1
                                    APIs
                                    • sqlite3_snprintf.SQLITE3(000000E6,?,02DDA2A8,00000000), ref: 02D95B0D
                                    • GetTempPathW.KERNEL32(000000E6,?), ref: 02D95B2D
                                    • GetTempPathA.KERNEL32(000000E6,?), ref: 02D95B55
                                    • sqlite3_win32_mbcs_to_utf8.SQLITE3(?), ref: 02D95B62
                                    • sqlite3_snprintf.SQLITE3(000000E6,?,02DDA2A8,00000000), ref: 02D95B77
                                    • sqlite3_snprintf.SQLITE3(000000E7,?,%s\etilqs_,00000000), ref: 02D95BB8
                                    • sqlite3_randomness.SQLITE3(00000014,00000000,000000E7,?,%s\etilqs_,00000000), ref: 02D95BCC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_snprintf$PathTemp$sqlite3_randomnesssqlite3_win32_mbcs_to_utf8
                                    • String ID: %s\etilqs_
                                    • API String ID: 3938436797-2269359198
                                    • Opcode ID: 377152156717ca4bbd4c85e547d6784c155bfc2ced033ac8486ea78cd63f9947
                                    • Instruction ID: 86bf7748950c6910252ad1de887b49dfcd04398a0343bc4b55a2a4c717676ac2
                                    • Opcode Fuzzy Hash: 377152156717ca4bbd4c85e547d6784c155bfc2ced033ac8486ea78cd63f9947
                                    • Instruction Fuzzy Hash: B9212BB1904149AEEF22A7A4EC40FFA779CDB15308F9408B5F585D6381EAB08D85CF71
                                    APIs
                                    • PyArg_ParseTupleAndKeywords.PYTHON27 ref: 01185756
                                    • PyErr_SetString.PYTHON27(00000000,negative buffersize in recvfrom_into,?,?,?,?,?,?,?,?), ref: 0118577D
                                    • PyBuffer_Release.PYTHON27(?,?,?,?,?,?,?,?,?,?), ref: 0118578B
                                    Strings
                                    • negative buffersize in recvfrom_into, xrefs: 01185777
                                    • w*|ii:recvfrom_into, xrefs: 01185737
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_Buffer_Err_KeywordsParseReleaseStringTuple
                                    • String ID: negative buffersize in recvfrom_into$w*|ii:recvfrom_into
                                    • API String ID: 3378295552-4148862076
                                    • Opcode ID: 19a51a73d2a2b85837948bcb6fafd21438865d4643b183ad0dcdd7e6b56ed625
                                    • Instruction ID: d65fcb42cff079990e3fe6e008acd8313eda96b18ef89fa741293642b4889869
                                    • Opcode Fuzzy Hash: 19a51a73d2a2b85837948bcb6fafd21438865d4643b183ad0dcdd7e6b56ed625
                                    • Instruction Fuzzy Hash: 9C2189B0504302AFD748EF58D884A6B77E9EF84258F44C91CF8A987202E735D948CBA2
                                    APIs
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DAF734
                                    • sqlite3_snprintf.SQLITE3(00000080,?,cannot DETACH database within transaction), ref: 02DAF7B7
                                    • sqlite3_snprintf.SQLITE3(00000080,?,database %s is locked,00000000), ref: 02DAF7FC
                                    • sqlite3_result_error.SQLITE3(00000000,?,000000FF), ref: 02DAF810
                                    Strings
                                    • no such database: %s, xrefs: 02DAF78A
                                    • cannot DETACH database within transaction, xrefs: 02DAF7A6
                                    • database %s is locked, xrefs: 02DAF7EB
                                    • cannot detach database %s, xrefs: 02DAF799
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_snprintf$sqlite3_result_errorsqlite3_value_text
                                    • String ID: cannot DETACH database within transaction$cannot detach database %s$database %s is locked$no such database: %s
                                    • API String ID: 2252562485-3374617522
                                    • Opcode ID: 8aedd8c5c6ea9fa8e747166de19bc5c3fc4c719e0e9fe55d3de527545f471bef
                                    • Instruction ID: 08592ebc2eb94d0ea9612f57aa117be6c23d787e0b685201f632e87a302f8c13
                                    • Opcode Fuzzy Hash: 8aedd8c5c6ea9fa8e747166de19bc5c3fc4c719e0e9fe55d3de527545f471bef
                                    • Instruction Fuzzy Hash: 30315C71A00208AFEF10DFA4C890FA9B7B6EB04318F1485E6E85996741D772ED95CFA1
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?), ref: 02D9FDA4
                                    • sqlite3_mutex_enter.SQLITE3(?,?), ref: 02D9FDB0
                                    • sqlite3_malloc.SQLITE3(00000030), ref: 02D9FDD1
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02D9FE42
                                    • sqlite3_mutex_leave.SQLITE3(?,?), ref: 02D9FE4A
                                    Strings
                                    • source and destination must be distinct, xrefs: 02D9FDBB
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_malloc
                                    • String ID: source and destination must be distinct
                                    • API String ID: 2849165104-3299598958
                                    • Opcode ID: cb3564d5049482854065a3847fb2d2f76c1357dd27198836fbd472d06d6c3424
                                    • Instruction ID: 2b9741e4228cc7f83997decf34cef71e48b279d8b03cbbe3dd4137c348ea1634
                                    • Opcode Fuzzy Hash: cb3564d5049482854065a3847fb2d2f76c1357dd27198836fbd472d06d6c3424
                                    • Instruction Fuzzy Hash: C3110632509711AFDB39AF249C45B1BB7E6EF50720F10041EF94496BA2DB72EC85CBA4
                                    APIs
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB4AB8
                                    • sqlite3_value_text.SQLITE3(00000000), ref: 02DB4AC4
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB4ACF
                                    • sqlite3_result_error.SQLITE3(?,ESCAPE expression must be a single character,000000FF), ref: 02DB4AE2
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB4AF5
                                    • sqlite3_result_int.SQLITE3(?,00000000,00000000,00000000,00000000,00000000), ref: 02DB4B4A
                                    Strings
                                    • LIKE or GLOB pattern too complex, xrefs: 02DB4ADC
                                    • ESCAPE expression must be a single character, xrefs: 02DB4B12
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_value_text$sqlite3_result_errorsqlite3_result_intsqlite3_value_bytes
                                    • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                    • API String ID: 4226599549-264706735
                                    • Opcode ID: 447092807fc3a79a1af2d95ca598042fddc60514d7445668c8888dcf779371a3
                                    • Instruction ID: 96aab219d16dceb32ce9460819e285e605fa9b93ccd4c918801946f874fcb74f
                                    • Opcode Fuzzy Hash: 447092807fc3a79a1af2d95ca598042fddc60514d7445668c8888dcf779371a3
                                    • Instruction Fuzzy Hash: FD219F36500104EBCF16EF58CC64E9A77AAEF05324F244655F52697391CB70DD50CF91
                                    APIs
                                    • PyGILState_Ensure.PYTHON27 ref: 01192171
                                    • sqlite3_aggregate_context.SQLITE3(?,00000004), ref: 01192180
                                    • PyObject_CallMethod.PYTHON27(00000000,finalize,011979D8), ref: 0119219B
                                    • PyErr_Print.PYTHON27 ref: 011921B2
                                    • PyErr_Clear.PYTHON27 ref: 011921BA
                                    • PyGILState_Release.PYTHON27(?), ref: 011921FF
                                    Strings
                                    • finalize, xrefs: 01192195
                                    • user-defined aggregate's 'finalize' method raised error, xrefs: 011921C0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_State_$CallClearEnsureMethodObject_PrintReleasesqlite3_aggregate_context
                                    • String ID: finalize$user-defined aggregate's 'finalize' method raised error
                                    • API String ID: 1777941336-2697405666
                                    • Opcode ID: a4adb81ad1473c060fc31796285a4d2f9cdbc6c4479acb623c8314bcfea98a94
                                    • Instruction ID: 2a73e77db20aa77d71b0520be1bbd4b770bca019c211b5eee38ccff9dc08febf
                                    • Opcode Fuzzy Hash: a4adb81ad1473c060fc31796285a4d2f9cdbc6c4479acb623c8314bcfea98a94
                                    • Instruction Fuzzy Hash: CF11C4BA504202EFDF2C6F58EC44E593BE8EF152217100079EA3196185DB70E980CB65
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,s:getprotobyname), ref: 011825AD
                                    • PyEval_SaveThread.PYTHON27 ref: 011825BE
                                    • getprotobyname.WS2_32(?), ref: 011825CB
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 011825D4
                                    • PyErr_SetString.PYTHON27(036A9748,protocol not found), ref: 011825EC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuplegetprotobyname
                                    • String ID: protocol not found$s:getprotobyname
                                    • API String ID: 2638100271-630402058
                                    • Opcode ID: 6729cb5a6cf8262a12aa5460e6c816da9b937c2a014f54275d9cb8370b84e0c2
                                    • Instruction ID: 652dcf011e561f562e089c0d613cddc8c417b8a97aaa1c19621f054b1193bba9
                                    • Opcode Fuzzy Hash: 6729cb5a6cf8262a12aa5460e6c816da9b937c2a014f54275d9cb8370b84e0c2
                                    • Instruction Fuzzy Hash: 4CF0C2B26002109BC72CA7A9F84899F77A8EFC4226704C43DFC17C6206E735C094CB61
                                    APIs
                                    • PyList_New.PYTHON27(00000000,?), ref: 03FD2262
                                    • PyList_New.PYTHON27(00000000), ref: 03FD2273
                                    • PyList_AsTuple.PYTHON27(00000000), ref: 03FD229D
                                    • PyList_Append.PYTHON27(00000000,00000000), ref: 03FD22BF
                                    • PyList_AsTuple.PYTHON27(00000000), ref: 03FD2322
                                    • PyList_Append.PYTHON27(00000000,00000000), ref: 03FD2344
                                    • PyList_New.PYTHON27(00000000), ref: 03FD236A
                                    • PyList_Append.PYTHON27(00000000,00000000), ref: 03FD23A4
                                    • PyList_AsTuple.PYTHON27(00000000), ref: 03FD2410
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: List_$AppendTuple
                                    • String ID:
                                    • API String ID: 3296478665-0
                                    • Opcode ID: 1d1db7686211f84443e6989b67af99bec00024c49296dab3973492b3f54ff345
                                    • Instruction ID: dc12120832f9dd9b2b642dad46c8eed53a31744db4df27cb2564efad03591354
                                    • Opcode Fuzzy Hash: 1d1db7686211f84443e6989b67af99bec00024c49296dab3973492b3f54ff345
                                    • Instruction Fuzzy Hash: 2251D576D007166BD310EF64DC48A6BB3A6AF81231F1D0B28ED2547381EB35EA56C7D2
                                    APIs
                                    • LockFile.KERNEL32(00000000,00000000,00000001,00000000), ref: 02D9586F
                                    • Sleep.KERNEL32(00000001), ref: 02D95879
                                    • GetLastError.KERNEL32 ref: 02D9588B
                                    • UnlockFile.KERNEL32(00000000,00000000,00000001,00000000), ref: 02D9596A
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: File$ErrorLastLockSleepUnlock
                                    • String ID:
                                    • API String ID: 3015003838-0
                                    • Opcode ID: 3dd3e4446e02ab713d6f10175a33a41e4ee8c553164dd75bd5f0fbb8b055b1b7
                                    • Instruction ID: 2df357cdcac72437ecc2b95185a6ee2be80f0757cbc696db04119b14bd7b34fd
                                    • Opcode Fuzzy Hash: 3dd3e4446e02ab713d6f10175a33a41e4ee8c553164dd75bd5f0fbb8b055b1b7
                                    • Instruction Fuzzy Hash: 7941BB75944702EFEB229F24F801B2AB7E1EB84B25F900A3DF5A596340DB72DC05CB52
                                    APIs
                                    • Py_BuildValue.PYTHON27(OOO,1E1F18CD,?,1E1F18CD), ref: 011912E2
                                    • PyString_FromString.PYTHON27(%s <- %s ->%s), ref: 011912FA
                                    • PyString_Format.PYTHON27(00000000,00000000), ref: 0119130D
                                    • __iob_func.MSVCR90 ref: 0119133A
                                    • PyObject_Print.PYTHON27(?,-00000020), ref: 01191349
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: String_$BuildFormatFromObject_PrintStringValue__iob_func
                                    • String ID: %s <- %s ->%s$OOO
                                    • API String ID: 1798096732-1785036936
                                    • Opcode ID: ed8c15b56f8f1096ccbce4c529b99acc31cc39d36110747937173931fa0f2389
                                    • Instruction ID: c6bc1218927b64799b7ffa4e5142bbceef6eeb31fece4a4883dfc806e4d22679
                                    • Opcode Fuzzy Hash: ed8c15b56f8f1096ccbce4c529b99acc31cc39d36110747937173931fa0f2389
                                    • Instruction Fuzzy Hash: D531B075208202EFDF1D9F58D8849AA7BB4FF19331B140459F9258B692DB30D981CFA1
                                    APIs
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DAE2CD
                                    • sqlite3_value_text.SQLITE3(00000000,?), ref: 02DAE2DA
                                    • sqlite3_value_text.SQLITE3(?,00000000,?), ref: 02DAE2E5
                                    • sqlite3_result_text.SQLITE3(?,00000000,000000FF,Function_00002D0C,%s%s,02DDA27C,?), ref: 02DAE3CF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_value_text$sqlite3_result_text
                                    • String ID: %s%.*s"%w"$%s%s$f
                                    • API String ID: 380805339-2626843092
                                    • Opcode ID: aca693e0c0497de3eb96445c68470e40ff4287534e3fc98c6694e39127b32d2d
                                    • Instruction ID: 4d2d66bfba613a45bdc64155f7f8f301d68ee56736756797257d7b57879ffeff
                                    • Opcode Fuzzy Hash: aca693e0c0497de3eb96445c68470e40ff4287534e3fc98c6694e39127b32d2d
                                    • Instruction Fuzzy Hash: 7C315D75A00209BFDF11AFA8DC50AAEBBB6EF04310F1444A9F811A7350EB759E50DFA0
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27 ref: 01185848
                                    • PyErr_SetString.PYTHON27(?,negative buffersize in recvfrom,i|i:recvfrom,?,?), ref: 0118586A
                                    • PyString_FromStringAndSize.PYTHON27(00000000,?,i|i:recvfrom,?,?), ref: 0118587D
                                    • _PyString_Resize.PYTHON27(?,?), ref: 011858C3
                                    • PyTuple_Pack.PYTHON27(00000002,?,?), ref: 011858D8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: StringString_$Arg_Err_FromPackParseResizeSizeTupleTuple_
                                    • String ID: i|i:recvfrom$negative buffersize in recvfrom
                                    • API String ID: 2389936944-3743360010
                                    • Opcode ID: 541d87629dfa2fb419576bc6867ae060638519bc4f7e614d486b8fb18a04c48b
                                    • Instruction ID: b6f44d24ab61d680f70e70f1251db93d82fa41a0d43c36d30a9245f680269deb
                                    • Opcode Fuzzy Hash: 541d87629dfa2fb419576bc6867ae060638519bc4f7e614d486b8fb18a04c48b
                                    • Instruction Fuzzy Hash: E431AB71A04301AFE348EB58CC81B5B77E9EF85224F04C92CF95987252E735E905CBA2
                                    APIs
                                    • memcpy.MSVCR90(?,03F79EF0,03F79EF1,?,?,03F79426,?,00000400,00000000,?,?,?,?,03F79EF0,?,?), ref: 03F78E8C
                                    • __iob_func.MSVCR90 ref: 03F78EE5
                                    • fprintf.MSVCR90 ref: 03F78EEE
                                    • memset.MSVCR90 ref: 03F78F19
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __iob_funcfprintfmemcpymemset
                                    • String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
                                    • API String ID: 1491903393-3399676524
                                    • Opcode ID: 0ecb795f72eda998017aafbb2840c2821e317e0d6393ceb29bd7716df0a81680
                                    • Instruction ID: ea284fab96bc7a0d721852def2da60b4de20a1ffc97435aed517b97c8ae0e0b8
                                    • Opcode Fuzzy Hash: 0ecb795f72eda998017aafbb2840c2821e317e0d6393ceb29bd7716df0a81680
                                    • Instruction Fuzzy Hash: 22216A76A003423BD620EA696C09FAB73AE8FC6694F0D0455FA54DB240EA21EC0483A2
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast_errnofclosefopen
                                    • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                    • API String ID: 3695744714-2085858615
                                    • Opcode ID: 5490404ba07263a1e6172c9038b0379937d9106a8036eca141109697df5a3a3d
                                    • Instruction ID: 29a17b13f6afcc1dab33aba667851f831ef342965b531cd9fc6dccabd802edc6
                                    • Opcode Fuzzy Hash: 5490404ba07263a1e6172c9038b0379937d9106a8036eca141109697df5a3a3d
                                    • Instruction Fuzzy Hash: B011A36AFC13143AE920F1A56C4BF9F224A9B82F66F080076FB06ED1C2D6C2945542B3
                                    APIs
                                    • GetDesktopWindow.USER32 ref: 03F6859A
                                    • GetProcessWindowStation.USER32 ref: 03F685A0
                                    • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?), ref: 03F685BB
                                    • GetLastError.KERNEL32 ref: 03F685C5
                                    • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?), ref: 03F685F6
                                    • wcsstr.MSVCR90 ref: 03F68618
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: InformationObjectUserWindow$DesktopErrorLastProcessStationwcsstr
                                    • String ID: Service-0x
                                    • API String ID: 3739488951-2316086362
                                    • Opcode ID: 9e1c78ca31b1df68b3e0c355d3ee16cb34690bd60ef3da06d4800405422f6979
                                    • Instruction ID: f9d3bd27894c1db71a5127c452a1d5d3181133c0f2bb3d9d6434aa5c21854f5a
                                    • Opcode Fuzzy Hash: 9e1c78ca31b1df68b3e0c355d3ee16cb34690bd60ef3da06d4800405422f6979
                                    • Instruction Fuzzy Hash: E1210735A5060EBBDF10EBB4DC49BAEB778EF80351F50026DE912E71C0DB35AD108651
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,s:gethostbyaddr,?), ref: 01184F9A
                                      • Part of subcall function 01184356: PyEval_SaveThread.PYTHON27 ref: 011843AA
                                      • Part of subcall function 01184356: PyThread_acquire_lock.PYTHON27(03697740,00000001), ref: 011843BA
                                      • Part of subcall function 01184356: PyEval_RestoreThread.PYTHON27(00000000,00000000,01186544,?,?), ref: 011843DC
                                      • Part of subcall function 01184356: PyThread_release_lock.PYTHON27(03697740,?,?,?,?,?,?,?,?,?,?,?,?,0118492B,?,?), ref: 011843E8
                                    • PyErr_SetString.PYTHON27(036A9748,unsupported address family), ref: 01184FE1
                                    • PyEval_SaveThread.PYTHON27 ref: 0118500D
                                    • gethostbyaddr.WS2_32(?,00000004,?), ref: 0118501C
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 01185025
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$RestoreSave$Arg_Err_ParseStringThread_acquire_lockThread_release_lockTuplegethostbyaddr
                                    • String ID: s:gethostbyaddr$unsupported address family
                                    • API String ID: 2148168308-2721261659
                                    • Opcode ID: 7744184927f6efc57a5665d2eb983e714060b348a04a099e87f9edca66e760d0
                                    • Instruction ID: 02a52a540f5dceb9a42b81be18a259a122255d741b9f506be8757d27a61d3cd1
                                    • Opcode Fuzzy Hash: 7744184927f6efc57a5665d2eb983e714060b348a04a099e87f9edca66e760d0
                                    • Instruction Fuzzy Hash: D911D5B26043069BD324EF6CAC49E6F77A8EBC4655F008929FA59C2145EB35D508CBB2
                                    APIs
                                    • sqlite3_value_int64.SQLITE3(?), ref: 02DB44F9
                                    • sqlite3_value_double.SQLITE3 ref: 02DB4518
                                    • sqlite3_mprintf.SQLITE3(%.*f,00000000), ref: 02DB452F
                                    • sqlite3_result_error_nomem.SQLITE3(?), ref: 02DB4540
                                    • sqlite3_free.SQLITE3(00000000), ref: 02DB4556
                                    • sqlite3_result_double.SQLITE3(?,?,00000000), ref: 02DB4566
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_doublesqlite3_result_error_nomemsqlite3_value_doublesqlite3_value_int64
                                    • String ID: %.*f
                                    • API String ID: 1609380862-1338106815
                                    • Opcode ID: 92b44bb4d25064682795fa06f515efa4a7e066681448984b738e8e0872f32cfb
                                    • Instruction ID: 8da070189257a8602fea10eecfffdfce23440e9fb872c6df16633a63a48512d4
                                    • Opcode Fuzzy Hash: 92b44bb4d25064682795fa06f515efa4a7e066681448984b738e8e0872f32cfb
                                    • Instruction Fuzzy Hash: 87110672800925BBC712AA18CC18DDF77DADF44720F024689F8959B341DB70CE90CBE1
                                    APIs
                                    • PyGILState_Ensure.PYTHON27 ref: 01191FD0
                                    • sqlite3_user_data.SQLITE3(?), ref: 01191FDD
                                      • Part of subcall function 01191E48: PyTuple_New.PYTHON27(?), ref: 01191E57
                                    • PyObject_CallObject.PYTHON27(00000000,00000000), ref: 01191FFA
                                    • PyErr_Print.PYTHON27 ref: 01192034
                                    • PyErr_Clear.PYTHON27 ref: 0119203C
                                    • PyGILState_Release.PYTHON27(?), ref: 01192055
                                    Strings
                                    • user-defined function raised exception, xrefs: 01192042
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_State_$CallClearEnsureObjectObject_PrintReleaseTuple_sqlite3_user_data
                                    • String ID: user-defined function raised exception
                                    • API String ID: 423191119-1286346901
                                    • Opcode ID: 285a241c7402518d8b1fd71cb9a5d23331126dc71853e55616bed86884bcc962
                                    • Instruction ID: 480c6307cecf43e2704ab95d4a621ddaa097fbdef4fb1f0b4fda05535afafcbb
                                    • Opcode Fuzzy Hash: 285a241c7402518d8b1fd71cb9a5d23331126dc71853e55616bed86884bcc962
                                    • Instruction Fuzzy Hash: 5911C232108201FFDF2D2F64EC4896E7BA6EF05271B14417AFD7586191DB31D980CB95
                                    APIs
                                    • sqlite3_value_double.SQLITE3(?), ref: 02DB4223
                                    • sqlite3_result_double.SQLITE3(?,?,?), ref: 02DB423E
                                    • sqlite3_result_null.SQLITE3(?), ref: 02DB4248
                                    • sqlite3_value_int64.SQLITE3(?), ref: 02DB4251
                                    • sqlite3_result_error.SQLITE3(?,integer overflow,000000FF), ref: 02DB4279
                                    • sqlite3_result_int64.SQLITE3(?,00000000), ref: 02DB428C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_result_doublesqlite3_result_errorsqlite3_result_int64sqlite3_result_nullsqlite3_value_doublesqlite3_value_int64
                                    • String ID: integer overflow
                                    • API String ID: 25555520-1678498654
                                    • Opcode ID: 53bade0663c7a85ce41133f7e601652d3af17c8e290c8069b0b29b68836eb4bd
                                    • Instruction ID: b3477f81ceef5af05f23385b3e5239293f3f2be621e568e966b3eb405a01041f
                                    • Opcode Fuzzy Hash: 53bade0663c7a85ce41133f7e601652d3af17c8e290c8069b0b29b68836eb4bd
                                    • Instruction Fuzzy Hash: 5A012671C04105AADB9A7628DC30EFD375EDF41364F148365F8A7663E1EB248D00A9A0
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,s:inet_aton,?), ref: 0118232B
                                    • PyString_FromStringAndSize.PYTHON27(?,00000004), ref: 01182381
                                    Strings
                                    • 255.255.255.255, xrefs: 01182341
                                    • illegal IP address string passed to inet_aton, xrefs: 011823A5
                                    • s:inet_aton, xrefs: 01182325
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_FromParseSizeStringString_Tuple
                                    • String ID: 255.255.255.255$illegal IP address string passed to inet_aton$s:inet_aton
                                    • API String ID: 594740916-4110412280
                                    • Opcode ID: ef51fc1120ff9281265eef7b512bf1a88894f5a5073d71d858da782d7542c384
                                    • Instruction ID: c9e98d97c2577c22319905f5864cc32af679fe7f729a81a4cd505010543eb804
                                    • Opcode Fuzzy Hash: ef51fc1120ff9281265eef7b512bf1a88894f5a5073d71d858da782d7542c384
                                    • Instruction Fuzzy Hash: D9110C715082005BCB2ABB38AC9556B7B5AAF45525F84C664EC95C7282E332C50CDB51
                                    APIs
                                    • PyGILState_Ensure.PYTHON27 ref: 0119249B
                                    • PyObject_CallFunction.PYTHON27(?,issss,?,?,?,?,?), ref: 011924BA
                                    • PyErr_Print.PYTHON27 ref: 011924D1
                                    • PyErr_Clear.PYTHON27 ref: 011924D9
                                    • PyInt_AsLong.PYTHON27(00000000), ref: 011924F1
                                    • PyGILState_Release.PYTHON27(00000000), ref: 0119250C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_State_$CallClearEnsureFunctionInt_LongObject_PrintRelease
                                    • String ID: issss
                                    APIs
                                    • PyList_New.PYTHON27(00000000,?,?,1E001EE0,?,?), ref: 011931EA
                                    • sqlite3_column_count.SQLITE3(?,?,?,1E001EE0,?,?), ref: 011931FD
                                    • sqlite3_column_name.SQLITE3(?,?,?,1E001EE0,?,?), ref: 01193225
                                    • sqlite3_column_decltype.SQLITE3(?,?,?,1E001EE0,?,?), ref: 01193291
                                    • PyString_FromStringAndSize.PYTHON27(00000000,00000000,?,1E001EE0,?,?), ref: 011932B7
                                    • PyList_Append.PYTHON27(00000001,1E1F18CC,?,1E001EE0,?,?), ref: 011932E8
                                    • sqlite3_column_count.SQLITE3 ref: 011932FE
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    Similarity
                                    • API ID: List_sqlite3_column_count$AppendFromSizeStringString_sqlite3_column_decltypesqlite3_column_name
                                    • String ID:
                                    APIs
                                      • Part of subcall function 02D95339: GetVersionExA.KERNEL32(?), ref: 02D9535C
                                    • GetFullPathNameW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 02D95F3B
                                    • GetFullPathNameW.KERNEL32(00000000,-00000003,00000000,00000000), ref: 02D95F6A
                                      • Part of subcall function 02DC9CB5: __lock.LIBCMT ref: 02DC9CD3
                                      • Part of subcall function 02DC9CB5: ___sbh_find_block.LIBCMT ref: 02DC9CDE
                                      • Part of subcall function 02DC9CB5: ___sbh_free_block.LIBCMT ref: 02DC9CED
                                      • Part of subcall function 02DC9CB5: HeapFree.KERNEL32(00000000,?,02DDD540,0000000C,02DCAA1D,00000000,02DDD5E0,0000000C,02DCAA57,?,?,?,02DCFA96,00000004,02DDD7F0,0000000C), ref: 02DC9D1D
                                      • Part of subcall function 02DC9CB5: GetLastError.KERNEL32(?,02DCFA96,00000004,02DDD7F0,0000000C,02DCD72B,?,?,00000000,00000000,00000000,?,02DCD33E,00000001,00000214), ref: 02DC9D2E
                                    • _malloc.LIBCMT ref: 02D95F46
                                      • Part of subcall function 02DC9D92: __FF_MSGBANNER.LIBCMT ref: 02DC9DB5
                                      • Part of subcall function 02DC9D92: __NMSG_WRITE.LIBCMT ref: 02DC9DBC
                                      • Part of subcall function 02DC9D92: RtlAllocateHeap.NTDLL(00000000,?,00000000,7622DF80,00000001,?,02D954C7,00000000), ref: 02DC9E09
                                    • GetFullPathNameA.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 02D95F85
                                    • _malloc.LIBCMT ref: 02D95F8D
                                    • GetFullPathNameA.KERNEL32(00000000,-00000003,00000000,00000000), ref: 02D95FA0
                                    • sqlite3_win32_mbcs_to_utf8.SQLITE3(?), ref: 02D95FAE
                                    • sqlite3_snprintf.SQLITE3(?,?,02DDA2A8,00000000), ref: 02D95FD2
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: FullNamePath$Heap_malloc$AllocateErrorFreeLastVersion___sbh_find_block___sbh_free_block__locksqlite3_snprintfsqlite3_win32_mbcs_to_utf8
                                    • String ID:
                                    APIs
                                    • PyGILState_Ensure.PYTHON27 ref: 01192B4B
                                    • PyErr_Occurred.PYTHON27 ref: 01192B5A
                                    • PyString_FromStringAndSize.PYTHON27(?,00000000), ref: 01192B72
                                    • PyString_FromStringAndSize.PYTHON27(?,?), ref: 01192B7C
                                    • PyObject_CallFunctionObjArgs.PYTHON27(00000000,00000000,00000000,00000000), ref: 01192B93
                                    • PyInt_AsLong.PYTHON27(00000000), ref: 01192BA3
                                    • PyErr_Occurred.PYTHON27 ref: 01192BAD
                                    • PyGILState_Release.PYTHON27(?), ref: 01192BF8
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    Similarity
                                    • API ID: Err_FromOccurredSizeState_StringString_$ArgsCallEnsureFunctionInt_LongObject_Release
                                    • String ID:
                                    APIs
                                    • PyEval_SaveThread.PYTHON27 ref: 01191AA5
                                    • sqlite3_prepare.SQLITE3(?,?,000000FF,?,?), ref: 01191AB9
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,?,000000FF,?,?), ref: 01191AC2
                                    • PyErr_Occurred.PYTHON27 ref: 01191B23
                                      • Part of subcall function 0119563F: PyEval_SaveThread.PYTHON27(00000000,?,01191BBC,?), ref: 01195649
                                      • Part of subcall function 0119563F: sqlite3_step.SQLITE3(?), ref: 01195655
                                      • Part of subcall function 0119563F: PyEval_RestoreThread.PYTHON27(00000000,?), ref: 0119565D
                                    • PyEval_SaveThread.PYTHON27 ref: 01191AF4
                                    • sqlite3_finalize.SQLITE3(?), ref: 01191AFB
                                    • PyEval_RestoreThread.PYTHON27(00000000,?), ref: 01191B03
                                    • PyErr_Occurred.PYTHON27 ref: 01191B0F
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    Similarity
                                    • API ID: Eval_Thread$RestoreSave$Err_Occurred$sqlite3_finalizesqlite3_preparesqlite3_step
                                    • String ID:
                                    APIs
                                    • PyList_Size.PYTHON27(?,00000000,?,00000000,01191B7E,00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 011916E1
                                    • PyList_GetItem.PYTHON27(?,00000000,00000000,01191B7E,00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 011916EC
                                    • PyWeakref_GetObject.PYTHON27(00000000,?,011915A1,?,?), ref: 011916F3
                                    • PyList_Size.PYTHON27(?,?,?,?,?,?,?,?), ref: 0119171D
                                      • Part of subcall function 011954F8: PyEval_SaveThread.PYTHON27(1E002A07,?,01191712), ref: 01195506
                                      • Part of subcall function 011954F8: sqlite3_reset.SQLITE3(?), ref: 01195511
                                      • Part of subcall function 011954F8: PyEval_RestoreThread.PYTHON27(00000000,?), ref: 01195519
                                    • PyList_Size.PYTHON27(?,00000000,01191B7E,00000002,00000000,00000000,011915A1,?,?,011915A1,?,?), ref: 0119172F
                                    • PyList_GetItem.PYTHON27(?,00000000,011915A1,?,?), ref: 0119173A
                                    • PyWeakref_GetObject.PYTHON27(00000000), ref: 01191741
                                    • PyList_Size.PYTHON27(?), ref: 0119175D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    Similarity
                                    • API ID: List_$Size$Eval_ItemObjectThreadWeakref_$RestoreSavesqlite3_reset
                                    • String ID:
                                    APIs
                                    • sqlite3_free.SQLITE3(00000000,?,00000000,00000000,?,?,?,02D9B1D9,00000000,00000000), ref: 02D98D87
                                      • Part of subcall function 02D92E65: _memset.LIBCMT ref: 02D92E7E
                                    • sqlite3_free.SQLITE3(00000000,?,?,?,?,00000000,00000000,?,?,?,02D9B1D9,00000000,00000000), ref: 02D98E4A
                                    • sqlite3_free.SQLITE3(00000000,?,00000000,00000000,?,?,?,02D9B1D9,00000000,00000000), ref: 02D98EEC
                                    • _memset.LIBCMT ref: 02D98F04
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_free$_memset
                                    • String ID: -journal$:memory:
                                    APIs
                                    • sqlite3_value_int64.SQLITE3(?), ref: 02DB42D8
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB42EC
                                    • sqlite3_value_blob.SQLITE3(?), ref: 02DB42F8
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB430E
                                    • sqlite3_value_int64.SQLITE3(?), ref: 02DB435F
                                    • sqlite3_result_blob.SQLITE3(?,-000000FF,?,000000FF), ref: 02DB4468
                                    • sqlite3_result_text.SQLITE3(?,?,?,000000FF), ref: 02DB44D3
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_value_int64$sqlite3_result_blobsqlite3_result_textsqlite3_value_blobsqlite3_value_bytessqlite3_value_text
                                    • String ID:
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: .\ssl\ssl_lib.c$AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH$ssl2-md5$ssl3-md5$ssl3-sha1
                                    APIs
                                    • sqlite3_strnicmp.SQLITE3(hidden,?,00000006), ref: 02DC1CF1
                                    • sqlite3_strnicmp.SQLITE3( hidden,00000000,00000007), ref: 02DC1D1A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_strnicmp
                                    • String ID: hidden$hidden$vtable constructor did not declare schema: %s$vtable constructor failed: %s
                                    APIs
                                    • PyEval_SaveThread.PYTHON27 ref: 01191791
                                    • sqlite3_close.SQLITE3(?), ref: 0119179C
                                    • PyEval_RestoreThread.PYTHON27(00000000,?), ref: 011917A2
                                    • PyObject_CallMethod.PYTHON27(?,close,011979D8), ref: 011917BF
                                    • PyMem_Free.PYTHON27(?), ref: 011917F9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    Similarity
                                    • API ID: Eval_Thread$CallFreeMem_MethodObject_RestoreSavesqlite3_close
                                    • String ID: close
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: strstr$sprintf
                                    • String ID: %s.dll$.\crypto\dso\dso_win32.c
                                    APIs
                                    • PyMem_Free.PYTHON27(?,-00000001,00000000,?,?,011915A1,?,?), ref: 01192828
                                    • PyString_FromString.PYTHON27(BEGIN ,-00000001,00000000,?,?,011915A1,?,?), ref: 0119287B
                                    • PyString_Concat.PYTHON27(?,011915A2,011915A1,?,?), ref: 0119288E
                                    • PyString_AsString.PYTHON27(?), ref: 0119289E
                                    • PyMem_Malloc.PYTHON27(-00000001), ref: 011928D3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    Similarity
                                    • API ID: String_$Mem_String$ConcatFreeFromMalloc
                                    • String ID: BEGIN
                                    APIs
                                      • Part of subcall function 01182C51: PyErr_SetString.PYTHON27(036A9748,getsockaddrlen: bad family,01185268,?,?), ref: 01182C72
                                    • PyEval_SaveThread.PYTHON27 ref: 0118526F
                                    • memset.MSVCR90 ref: 01185285
                                    • recvfrom.WS2_32(?,?,?,?,?,?), ref: 011852B5
                                    • PyEval_RestoreThread.PYTHON27(?), ref: 011852C2
                                    • PyErr_SetString.PYTHON27(036A9930,timed out), ref: 011852DC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    Similarity
                                    • API ID: Err_Eval_StringThread$RestoreSavememsetrecvfrom
                                    • String ID: timed out
                                    • API String ID: 204198188-3163636755
                                    • Opcode ID: 2527643294c42865d83925d14c918848a76d8aa9ccd445d74228425cc4a91481
                                    • Instruction ID: 6f466e1d353bdb32a44f454dd974b0a072fffc0fac55a5022a79a6bf7eaad159
                                    • Opcode Fuzzy Hash: 2527643294c42865d83925d14c918848a76d8aa9ccd445d74228425cc4a91481
                                    • Instruction Fuzzy Hash: A421B9726043069BC714EFACEC81A6F77A9EFC4225F10862DF925C7281EB31D415CBA1
                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,siO,0119A99C,?,?,?), ref: 01192378
                                    • sqlite3_create_function.SQLITE3(?,?,?,00000001,?,Function_00001FC6,00000000,00000000), ref: 0119239C
                                    • PyErr_SetString.PYTHON27(Error creating function), ref: 011923B3
                                    • PyDict_SetItem.PYTHON27(?,?), ref: 011923CC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$StringThread_get_thread_ident$Arg_Dict_FormatItemKeywordsParseTuplesqlite3_create_function
                                    • String ID: Error creating function$siO
                                    • API String ID: 566958269-3201207892
                                    • Opcode ID: 562cd4c18bd23cb9c26cc8642c12fbe5d014182c35e194ec5ad8bf84b9f49126
                                    • Instruction ID: 473653e92de0c8efbde34e4206577718d381944abe939134b501b8493e723c9f
                                    • Opcode Fuzzy Hash: 562cd4c18bd23cb9c26cc8642c12fbe5d014182c35e194ec5ad8bf84b9f49126
                                    • Instruction Fuzzy Hash: 0A119135508206FBDF2D5F95DC41E9E7B76AF08200F040061FA31A10A0EB719A519B54
                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,siO:create_aggregate,0119A9B0,?,?,?), ref: 01192422
                                    • sqlite3_create_function.SQLITE3(?,?,?,00000001,?,00000000,Function_00002063,Function_0000216B), ref: 01192449
                                    • PyErr_SetString.PYTHON27(Error creating aggregate), ref: 01192460
                                    • PyDict_SetItem.PYTHON27(?,?), ref: 01192479
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$StringThread_get_thread_ident$Arg_Dict_FormatItemKeywordsParseTuplesqlite3_create_function
                                    • String ID: Error creating aggregate$siO:create_aggregate
                                    • API String ID: 566958269-1230574282
                                    • Opcode ID: 4728ccba0f4959cb25d91f9f3bcd34c8d6a0ec63284231a9fa0b39079630ced1
                                    • Instruction ID: 9356c169453681cbb9bf25c1ecb5b67c47e573d8da8025b18d21337a99bf09b9
                                    • Opcode Fuzzy Hash: 4728ccba0f4959cb25d91f9f3bcd34c8d6a0ec63284231a9fa0b39079630ced1
                                    • Instruction Fuzzy Hash: 20117035510205FBDF2D5FA5EC42E8E7B7AAF04604F044161FA31A20A0E771DAA5DB55
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: library routine called out of sequence$out of memory
                                    • API String ID: 0-3029887290
                                    • Opcode ID: 832541904b3838194c5c51140d2adf9f9aa1ddfb71c7c432d8d3bc39d0e89954
                                    • Instruction ID: 6fe0a50153e6e8c7c5ffcfbffa82880ab391a0eb7f9d5117e3b914b90a34f87f
                                    • Opcode Fuzzy Hash: 832541904b3838194c5c51140d2adf9f9aa1ddfb71c7c432d8d3bc39d0e89954
                                    • Instruction Fuzzy Hash: 74018432208A515ADB71A62CF811B9727E3DF80330F35851EF499C7794DF22EC85AB68
                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,O:set_authorizer,0119A9C0,?), ref: 011925AB
                                    • sqlite3_set_authorizer.SQLITE3(?,Function_00002495,?), ref: 011925C3
                                    • PyErr_SetString.PYTHON27(Error setting authorizer callback), ref: 011925DA
                                    • PyDict_SetItem.PYTHON27(?,?), ref: 011925F3
                                    Strings
                                    • Error setting authorizer callback, xrefs: 011925CF
                                    • O:set_authorizer, xrefs: 011925A0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$StringThread_get_thread_ident$Arg_Dict_FormatItemKeywordsParseTuplesqlite3_set_authorizer
                                    • String ID: Error setting authorizer callback$O:set_authorizer
                                    • API String ID: 105422174-4263844784
                                    • Opcode ID: 2860a68a29e7273ab7a298674f1a6d27fba0b5a9130eb7c2bc50fc5d89f3db95
                                    • Instruction ID: df616908d31bfc763805cd3c0f6461cf0bb6da731112288d43ce47d3ff913a07
                                    • Opcode Fuzzy Hash: 2860a68a29e7273ab7a298674f1a6d27fba0b5a9130eb7c2bc50fc5d89f3db95
                                    • Instruction Fuzzy Hash: 2201B131510202FFEF1D6F29EC0299A3BA5EF10214B188035FA37E10A4E731EA50DF14
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,s#:inet_ntoa,?), ref: 011822D1
                                    • PyErr_SetString.PYTHON27(036A9748,packed IP wrong length for inet_ntoa), ref: 011822EF
                                    • inet_ntoa.WS2_32(00000000), ref: 01182305
                                    • PyString_FromString.PYTHON27(00000000), ref: 0118230C
                                    Strings
                                    • packed IP wrong length for inet_ntoa, xrefs: 011822E9
                                    • s#:inet_ntoa, xrefs: 011822CB
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: String$Arg_Err_FromParseString_Tupleinet_ntoa
                                    • String ID: packed IP wrong length for inet_ntoa$s#:inet_ntoa
                                    • API String ID: 3267690060-621355383
                                    • Opcode ID: 350c88cba2cf7278a1d6d836534e02224f2bcc06e239dbf561ba88cf2a714a68
                                    • Instruction ID: 281ec5344c97c469165fb32c6c5a653e528822ca04d40dd474738ca1bac9d2f6
                                    • Opcode Fuzzy Hash: 350c88cba2cf7278a1d6d836534e02224f2bcc06e239dbf561ba88cf2a714a68
                                    • Instruction Fuzzy Hash: 59F08270500200AFDB28BBA8EC49C1F7BA8BB44605F44C938F956C2105E735D598CB63
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,i:htons), ref: 01182461
                                    • PyErr_SetString.PYTHON27(00000000,can't convert negative number to unsigned long), ref: 01182483
                                    • htons.WS2_32(00000000), ref: 01182491
                                    • PyInt_FromLong.PYTHON27(?), ref: 0118249B
                                    Strings
                                    • can't convert negative number to unsigned long, xrefs: 0118247D
                                    • i:htons, xrefs: 0118245B
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_Err_FromInt_LongParseStringTuplehtons
                                    • String ID: can't convert negative number to unsigned long$i:htons
                                    • API String ID: 35338460-4250957409
                                    • Opcode ID: b47a613f3ec2d377aa8ad0af844d9447f74858cdc564b3b5e7df8aa9a959b683
                                    • Instruction ID: 8aae3318757e218eddc8b8d8c29e27065634215fc02d9f5dedbba356bfa7f323
                                    • Opcode Fuzzy Hash: b47a613f3ec2d377aa8ad0af844d9447f74858cdc564b3b5e7df8aa9a959b683
                                    • Instruction Fuzzy Hash: 3EF065B06042015FDA1CEB69EC48E2E73ECAF4020AB10C478FC56C2146E731D458DB65
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,i:ntohs), ref: 01182559
                                    • PyErr_SetString.PYTHON27(00000000,can't convert negative number to unsigned long), ref: 0118257B
                                    • htons.WS2_32(00000000), ref: 01182589
                                    • PyInt_FromLong.PYTHON27(?), ref: 01182593
                                    Strings
                                    • can't convert negative number to unsigned long, xrefs: 01182575
                                    • i:ntohs, xrefs: 01182553
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_Err_FromInt_LongParseStringTuplehtons
                                    • String ID: can't convert negative number to unsigned long$i:ntohs
                                    • API String ID: 35338460-611984455
                                    • Opcode ID: 66c432437cc847c329fdd8e0fd729033e60ce3c2526115a4f7fadcd1561f4747
                                    • Instruction ID: 6c5e17b4a2c5df87fe6186049bdbe3bb44b10d7a65e57c7997d22633d20bdafa
                                    • Opcode Fuzzy Hash: 66c432437cc847c329fdd8e0fd729033e60ce3c2526115a4f7fadcd1561f4747
                                    • Instruction Fuzzy Hash: 4FF030B06041019BDA1CEB65EC49A2F77E8AB40206B10C478FC56C2246E771D454CB62
                                    APIs
                                    • sqlite3_result_text.SQLITE3(?,integer,000000FF,00000000), ref: 02DB4192
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_result_text
                                    • String ID: blob$integer$null$real$text
                                    • API String ID: 2505598765-3212050693
                                    • Opcode ID: 6b6dc6c56361eec238c519e907e67af0906de46d0720360b97cdab18ea37ae2e
                                    • Instruction ID: 61fe9ed989cca58401f5a808c7182b4eceae888aec84ad0fa300120e7c8936a3
                                    • Opcode Fuzzy Hash: 6b6dc6c56361eec238c519e907e67af0906de46d0720360b97cdab18ea37ae2e
                                    • Instruction Fuzzy Hash: 75E04F20E28A55EBC992DB495D30AB32369FF702D8F99824370A3FA3D2D620CC00C752
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __iob_funcfopen
                                    • String ID: .\crypto\ui\ui_openssl.c$con
                                    • API String ID: 3795613971-456364576
                                    • Opcode ID: fd5c7092b11b0f0a8de5395b79027b0612ea40bd4b0ac99b30a43d472e51e037
                                    • Instruction ID: bbff81daeab3c190774f5aa1132b3ac7ee633208052f09491b843c500f32a0f6
                                    • Opcode Fuzzy Hash: fd5c7092b11b0f0a8de5395b79027b0612ea40bd4b0ac99b30a43d472e51e037
                                    • Instruction Fuzzy Hash: ECF030F4A913866EEF00EF6D5D0AB5C35589701644F440079E944F9183F6AAD880C752
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: strncpy
                                    • String ID: .\crypto\dso\dso_win32.c
                                    • API String ID: 3301158039-1566349280
                                    • Opcode ID: 5985d4a88c6296110d02c48d053261687684aec23dd0abc32c4575e38f4a78fe
                                    • Instruction ID: 3495c7700bdffd6142f43faf7b6e51eebfe498c4c89a6283d3f185f5833fc4f8
                                    • Opcode Fuzzy Hash: 5985d4a88c6296110d02c48d053261687684aec23dd0abc32c4575e38f4a78fe
                                    • Instruction Fuzzy Hash: 1D71C6B4A047039FC734DE29C880AA7F3F5BB84704F188A2DE59A8B345EB74E445CB91
                                    APIs
                                    • isdigit.MSVCR90 ref: 03F6AF70
                                    • isdigit.MSVCR90 ref: 03F6AFD9
                                      • Part of subcall function 03F6A6A0: memcpy.MSVCR90(00000000,?,?,VC-WIN32,03F61272,00000000), ref: 03F6A6E3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: isdigit$memcpy
                                    • String ID: *$*$@
                                    • API String ID: 1146307149-3505232849
                                    • Opcode ID: 316156c4496a359906068949093a77d7f7cdcb29fd6deb974349d253e8718ce0
                                    • Instruction ID: 23fe8eae3cc25293cf07d7f7c04f367e5c03a38503084172c3a7e2da4a9ac3f1
                                    • Opcode Fuzzy Hash: 316156c4496a359906068949093a77d7f7cdcb29fd6deb974349d253e8718ce0
                                    • Instruction Fuzzy Hash: C10277B19183429FC710CF2AC880A2BFBE4BF99604F18491DF5DAD7351E375EA458B92
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: strchr
                                    • String ID: characters$ to $.\crypto\ui\ui_lib.c$You must type in
                                    • API String ID: 2830005266-4217432444
                                    • Opcode ID: f16caecb9f3a98a50dee02dc244cf9459e434a86ae1c138480ef8aafa4d7a10a
                                    • Instruction ID: 05758d8289f2ad366a232ac222143056896622126ef63e6c91a74a22ea6150cf
                                    • Opcode Fuzzy Hash: f16caecb9f3a98a50dee02dc244cf9459e434a86ae1c138480ef8aafa4d7a10a
                                    • Instruction Fuzzy Hash: 1C51BB767447005FD724DB6AEC82F6BB3E8BF89710F08055DE6968B380E7A5E904C3A1
                                    APIs
                                    • sqlite3_malloc.SQLITE3(?,?,02DE2378,02DE25B8,00000000), ref: 02D9653C
                                      • Part of subcall function 02D92AE5: sqlite3_initialize.SQLITE3 ref: 02D92AEB
                                    • sqlite3_malloc.SQLITE3(00000200,?,?,02DE2378,02DE25B8,00000000), ref: 02D96549
                                    • _memset.LIBCMT ref: 02D96575
                                    • sqlite3_randomness.SQLITE3(00000004,?,?,?,?,02DE2378,02DE25B8,00000000), ref: 02D965C6
                                    • sqlite3_free.SQLITE3(?,02DE2378,02DE25B8,00000000), ref: 02D9669A
                                    • sqlite3_free.SQLITE3(?,?,02DE2378,02DE25B8,00000000), ref: 02D966A2
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_freesqlite3_malloc$_memsetsqlite3_initializesqlite3_randomness
                                    • String ID:
                                    • API String ID: 2519412214-0
                                    • Opcode ID: ee932f04bb7f6acaec261f7a52660127dae130136bdba4b4bfb24eaf7b93615f
                                    • Instruction ID: b8f24167c3d30cfdbef51d253f1546d3511917b436857ebb364d7be98bc21a39
                                    • Opcode Fuzzy Hash: ee932f04bb7f6acaec261f7a52660127dae130136bdba4b4bfb24eaf7b93615f
                                    • Instruction Fuzzy Hash: 0D51B172E04159ABCF14DF98C8446AEBBBAEF44314F1481A9E951AB394D731EE41CFD0
                                    APIs
                                    • PyDict_GetItem.PYTHON27(?,?), ref: 01191120
                                    • PyDict_Size.PYTHON27(?), ref: 011911B2
                                    • PyDict_DelItem.PYTHON27(?,?), ref: 011911CB
                                    • PyObject_CallFunction.PYTHON27(?,011973F4,?), ref: 01191208
                                    • PyType_GenericAlloc.PYTHON27(0119AD68,00000000), ref: 0119121E
                                    • PyDict_SetItem.PYTHON27(?,?,00000000), ref: 0119125B
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Dict_$Item$AllocCallFunctionGenericObject_SizeType_
                                    • String ID:
                                    • API String ID: 2046548254-0
                                    • Opcode ID: 1ab4db6c7f7f6469780893c66e49f1d7d47bd62118b96e888987520f7bf26782
                                    • Instruction ID: e8bc9afd37455e7116c67903bf9c19302d44f851525a9bff038a34a89cb9c301
                                    • Opcode Fuzzy Hash: 1ab4db6c7f7f6469780893c66e49f1d7d47bd62118b96e888987520f7bf26782
                                    • Instruction Fuzzy Hash: D951AFB5600601EFDF2DCF18E984866BBF2FF4472132445ADE9668B656D731E880CBD1
                                    APIs
                                    • PyList_New.PYTHON27(00000000,?,?,01192952), ref: 01192222
                                    • PyList_Size.PYTHON27(?,?,?,01192952), ref: 01192233
                                    • PyList_GetItem.PYTHON27(?,00000000,?,01192952), ref: 01192242
                                    • PyWeakref_GetObject.PYTHON27(00000000), ref: 0119224B
                                    • PyList_Append.PYTHON27(00000000,00000000), ref: 0119225E
                                    • PyList_Size.PYTHON27(?), ref: 0119226E
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: List_$Size$AppendItemObjectWeakref_
                                    • String ID:
                                    • API String ID: 3602642088-0
                                    • Opcode ID: c1bac2828f3b02bd59f4287fa213c496f0f99adba07f29756591f1b9db61708d
                                    • Instruction ID: 135a3b07a1c210a9301c198b5b7b2bddd8a17ec3a316e85ac1b7e22d71214299
                                    • Opcode Fuzzy Hash: c1bac2828f3b02bd59f4287fa213c496f0f99adba07f29756591f1b9db61708d
                                    • Instruction Fuzzy Hash: AD119475104301EFDB3C9F64E8889167BB5FF05352710047EF92686551DB32E880CF10
                                    APIs
                                    • PyList_New.PYTHON27(00000000,?,?,0119197F), ref: 011922BC
                                    • PyList_Size.PYTHON27(?,00000000,?,0119197F), ref: 011922CD
                                    • PyList_GetItem.PYTHON27(?,00000000,0119197F), ref: 011922DC
                                    • PyWeakref_GetObject.PYTHON27(00000000), ref: 011922E5
                                    • PyList_Append.PYTHON27(00000000,00000000), ref: 011922F8
                                    • PyList_Size.PYTHON27(?), ref: 01192308
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: List_$Size$AppendItemObjectWeakref_
                                    • String ID:
                                    • API String ID: 3602642088-0
                                    • Opcode ID: 730400c94ce829a22ff7e7da5d63b6c6bdebc5143cf61d933bed6efa839ee1ff
                                    • Instruction ID: 7f5fe036d036a29eed932f155225b7a69b0395ba67166bb5c6e4e0a15cef4e7a
                                    • Opcode Fuzzy Hash: 730400c94ce829a22ff7e7da5d63b6c6bdebc5143cf61d933bed6efa839ee1ff
                                    • Instruction Fuzzy Hash: 5911A375108605EFDB3D9F64E88892A7BB6FF0A722750043EF63682591DB32E980CF10
                                    APIs
                                    • PyGILState_Ensure.PYTHON27 ref: 0119251D
                                    • PyObject_CallFunction.PYTHON27(?,011979D8), ref: 0119252E
                                    • PyErr_Print.PYTHON27 ref: 01192544
                                    • PyErr_Clear.PYTHON27 ref: 0119254C
                                    • PyObject_IsTrue.PYTHON27(00000000), ref: 01192558
                                    • PyGILState_Release.PYTHON27(00000000), ref: 0119256E
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_Object_State_$CallClearEnsureFunctionPrintReleaseTrue
                                    • String ID:
                                    • API String ID: 1813655498-0
                                    • Opcode ID: c3364f3c5c6ad8a121231c132568d0e0b7b793e360b8f1c9a9958191e585a082
                                    • Instruction ID: ca26702a5635949f183afbe9b771158d0d71fe74d3a92d4a20d2a8c5f27a514b
                                    • Opcode Fuzzy Hash: c3364f3c5c6ad8a121231c132568d0e0b7b793e360b8f1c9a9958191e585a082
                                    • Instruction Fuzzy Hash: C6F05B76215111DFDF3D6B64F94C89D77A5EF457623110479F533C2185DB3088418F65
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: signal
                                    • String ID:
                                    • API String ID: 1946981877-0
                                    • Opcode ID: b8c9cf5c46af87f5cac262ba387a4672ee59df8e8969172d4b5b550290096533
                                    • Instruction ID: df6b763e447f869fc4e47294eae3d2072b9655f18d0ac1a770ea4b08031a693b
                                    • Opcode Fuzzy Hash: b8c9cf5c46af87f5cac262ba387a4672ee59df8e8969172d4b5b550290096533
                                    • Instruction Fuzzy Hash: 0DF01FF4AD2B4E6DDE00FF7D5F86B5D3671AF41A05F001439E1107E182DABEAC819625
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: signal
                                    • String ID:
                                    • API String ID: 1946981877-0
                                    • Opcode ID: 59e12ddf525ae3be288bbab35d9d7a7a9e97d01027ec082470559653bd0c14cf
                                    • Instruction ID: bd4ae5fa25f4775470585fc81cc3220902611e4387230787001e93a18abf9334
                                    • Opcode Fuzzy Hash: 59e12ddf525ae3be288bbab35d9d7a7a9e97d01027ec082470559653bd0c14cf
                                    • Instruction Fuzzy Hash: 13E059A92E13456AEE14EB989F42F7A7339FB84B00F40511C76045E186DAAA6C408772
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __aulldvrm$__aullremsqlite3_free
                                    • String ID: -
                                    • API String ID: 1878043983-2547889144
                                    • Opcode ID: c03d9920d4b09dda5b44f1f0188c4e0ecdc9c7cfc84ff5d44be03b6d7c06b587
                                    • Instruction ID: 2dd9714fd5f58eb3be771011550dc7cd4ff58a343149918d8d67bb65b36e452c
                                    • Opcode Fuzzy Hash: c03d9920d4b09dda5b44f1f0188c4e0ecdc9c7cfc84ff5d44be03b6d7c06b587
                                    • Instruction Fuzzy Hash: FD6157706097829FDB66CF68C54476ABBE1AF86708F08899DF8C88B351D770CD48CB52
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\crypto\x509v3\v3_utl.c
                                    • API String ID: 0-4155010023
                                    • Opcode ID: 3295351ff5a12f4dcee3d3ccc30ab839b2b2f38d372cbdea84b5b974e265115c
                                    • Instruction ID: 01a55e493e9d3123e5b136cb367a2663473c5656533c3caf04e08cfd5519d53e
                                    • Opcode Fuzzy Hash: 3295351ff5a12f4dcee3d3ccc30ab839b2b2f38d372cbdea84b5b974e265115c
                                    • Instruction Fuzzy Hash: 4641AB66F957422FEB10EA386C12BEBB784CB52791F0C006AF685CF2C3D686D0499391
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,|O:peer_certificate,?), ref: 03FD2BB0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_ParseTuple
                                    • String ID: |O:peer_certificate
                                    • API String ID: 3371842430-2111706825
                                    • Opcode ID: 3bc032d279c00bf538aef1c7d132de67b2c1bd4f97eb31549087c92c65d9924b
                                    • Instruction ID: c0201fe9bfbb61151758709b2c543f14bdd4ab809638cddbf4b7d7d87113bac2
                                    • Opcode Fuzzy Hash: 3bc032d279c00bf538aef1c7d132de67b2c1bd4f97eb31549087c92c65d9924b
                                    • Instruction Fuzzy Hash: AD2195B9D00301ABCA10FB68FD59A9B73A9AF44706F484829F949C3204F735E918C7A3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\crypto\err\err_str.c$Operation not permitted$unknown
                                    • API String ID: 0-2354449606
                                    • Opcode ID: 9ad10ea38fa7022f4514929fb9c380f7a1e229796353dc9a177fd0c0739cd8ca
                                    • Instruction ID: b0a64ee1572725716451954df686aa6fd4e0b553b6a54142bf1f03e9eef8c57d
                                    • Opcode Fuzzy Hash: 9ad10ea38fa7022f4514929fb9c380f7a1e229796353dc9a177fd0c0739cd8ca
                                    • Instruction Fuzzy Hash: 9B11E179FC034A6AFA30AA009D83F65B2569B00B15F180028FB087D2D2E9F751C04296
                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                    • PyObject_CallMethod.PYTHON27(?,close,011979D8), ref: 011919F4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Thread_get_thread_ident$CallErr_FormatMethodObject_
                                    • String ID: close
                                    • API String ID: 2142184360-318865860
                                    • Opcode ID: 26761670756fedac13075f1509c7c0eda4683a3c241aff1a86c1f5e6918d1154
                                    • Instruction ID: 9469919a666102b8d5aa06c0216e60f0b8027ad4418a23339a80442788f40717
                                    • Opcode Fuzzy Hash: 26761670756fedac13075f1509c7c0eda4683a3c241aff1a86c1f5e6918d1154
                                    • Instruction Fuzzy Hash: 1E11AC36210746EFCF2C9F69F884896B7E5EF05222724886EF16687291DB75ECC18B50
                                    APIs
                                    • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,|i:fetchmany,0119A74C,?), ref: 0119418D
                                    • PyList_New.PYTHON27(00000000), ref: 0119419C
                                    • PyList_Append.PYTHON27(00000000,00000000), ref: 011941C0
                                    • PyErr_Occurred.PYTHON27 ref: 011941DF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: List_$AppendArg_Err_KeywordsOccurredParseTuple
                                    • String ID: |i:fetchmany
                                    • API String ID: 2964163878-3562295967
                                    • Opcode ID: 8f293d7bff3d75b2f780e29e330664a8dcfd0ad7dc530593f159ee3d1b2d8cbc
                                    • Instruction ID: a12a16b1ff03b6b44389e4d4328f322fff2b4f294cb3ed748b62175cdb5212cf
                                    • Opcode Fuzzy Hash: 8f293d7bff3d75b2f780e29e330664a8dcfd0ad7dc530593f159ee3d1b2d8cbc
                                    • Instruction Fuzzy Hash: 4711BFB2200114EF8F2DAF59D98489E7BB8EF256613100076F925C6542DB30EA82CBA0
                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,Oi:set_progress_handler,0119A9C8,?,?), ref: 01192648
                                    • sqlite3_progress_handler.SQLITE3(?,00000000,00000000,00000000), ref: 01192668
                                    • sqlite3_progress_handler.SQLITE3(?,?,0119251A,?), ref: 0119267E
                                    • PyDict_SetItem.PYTHON27(?,?,?,?,0119251A,?), ref: 0119268F
                                    Strings
                                    • Oi:set_progress_handler, xrefs: 0119263D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_Thread_get_thread_identsqlite3_progress_handler$Arg_Dict_FormatItemKeywordsParseStringTuple
                                    • String ID: Oi:set_progress_handler
                                    • API String ID: 2816014213-3973601247
                                    • Opcode ID: ea49319a7f9b9478f454c914650298f77c5eab055d5408c91ff2a0f5f0829193
                                    • Instruction ID: 7cc5147d8534bf57cfe7b1dc4c8c08bce437695c45391ba3e516c34c22bc4dc2
                                    • Opcode Fuzzy Hash: ea49319a7f9b9478f454c914650298f77c5eab055d5408c91ff2a0f5f0829193
                                    • Instruction Fuzzy Hash: E6117C34510505FFEF1DAF59DC41CAA3BB9EF11204B040461FD36D20A0E771EA519BA0
                                    APIs
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DAE232
                                    • sqlite3_value_text.SQLITE3(?,?), ref: 02DAE23C
                                    • sqlite3_result_text.SQLITE3(?,00000000,000000FF,Function_00002D0C,%.*s"%w"%s,?,00000000,?,?), ref: 02DAE2A6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_value_text$sqlite3_result_text
                                    • String ID: %.*s"%w"%s$x
                                    • API String ID: 380805339-1533084159
                                    • Opcode ID: 30c6051276e5ed71aa108994de97735a83cd08a957021fd1a4893e551d5ee433
                                    • Instruction ID: 092e8bd34e4793d8997024d946a65e987064dad97dd326ae0e4073c93ddf5b00
                                    • Opcode Fuzzy Hash: 30c6051276e5ed71aa108994de97735a83cd08a957021fd1a4893e551d5ee433
                                    • Instruction Fuzzy Hash: 74112A72A00249BBEF149FA9CC54D9E7BBAEF40354F1485A9F810A3390D7709E54CBA0
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,011980F8,00000000,?), ref: 01194B84
                                    • PyObject_IsInstance.PYTHON27(?,0119A8A8), ref: 01194B9E
                                    • PyErr_SetString.PYTHON27(1E1F1244,tuple required for second argument), ref: 01194BB6
                                    Strings
                                    • instance of cursor required for first argument, xrefs: 01194BAA
                                    • tuple required for second argument, xrefs: 01194BCF
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_Err_InstanceObject_ParseStringTuple
                                    • String ID: instance of cursor required for first argument$tuple required for second argument
                                    • API String ID: 3956123382-3759176423
                                    • Opcode ID: ac12bcad2100f3802c6a00c4021079a3f146952f7700dc5c5bc9fc443b6d92bf
                                    • Instruction ID: e656fc85fff06bd52e0ffb5b13be18f0a8e3932b7b09e7e4eec28fb78779793a
                                    • Opcode Fuzzy Hash: ac12bcad2100f3802c6a00c4021079a3f146952f7700dc5c5bc9fc443b6d92bf
                                    • Instruction Fuzzy Hash: F1119A35610604EFDF18CF19D945F9977E8EF05325F108469F82A976A1E730E9418F41
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,s:gethostbyname_ex,?), ref: 01185060
                                    • PyEval_SaveThread.PYTHON27 ref: 01185092
                                    • gethostbyname.WS2_32(?), ref: 0118509F
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 011850A8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Arg_ParseRestoreSaveTuplegethostbyname
                                    • String ID: s:gethostbyname_ex
                                    • API String ID: 1746368274-184080469
                                    • Opcode ID: cdb7870ab7312f20ddf107729c846b558f8dd150abb787970aaf27af51bb6266
                                    • Instruction ID: 665617cfc57d6d51c7778e27f8ffcfd0f5cf4ab4f9f9ca2e5827e1a28070e80f
                                    • Opcode Fuzzy Hash: cdb7870ab7312f20ddf107729c846b558f8dd150abb787970aaf27af51bb6266
                                    • Instruction Fuzzy Hash: A701B5729042006BD314AB68AC09A6F33ECDBC4621F04C569FD58C2145FA31D518C7A2
                                    APIs
                                    • sqlite3_aggregate_context.SQLITE3(?,00000000), ref: 02DB5324
                                    • sqlite3_result_error.SQLITE3(?,integer overflow,000000FF), ref: 02DB5348
                                    • sqlite3_result_double.SQLITE3(?,00000000,00000000), ref: 02DB535C
                                    • sqlite3_result_int64.SQLITE3(?,?,?), ref: 02DB536A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_aggregate_contextsqlite3_result_doublesqlite3_result_errorsqlite3_result_int64
                                    • String ID: integer overflow
                                    • API String ID: 3779139978-1678498654
                                    • Opcode ID: 88f42095c6f6b3019e0f232089cc7c5725c9807855d5c948fe82594cfebdef10
                                    • Instruction ID: 60bda4fcc7253edaf5f3e99cbd4033b5b42fc1ccf1287a8b5d909a7f6212d49d
                                    • Opcode Fuzzy Hash: 88f42095c6f6b3019e0f232089cc7c5725c9807855d5c948fe82594cfebdef10
                                    • Instruction Fuzzy Hash: 61F02862809695EEDB165B547CA0CE93749DE05324B4D02DEE4D30B3659BA28E40C7E6
                                    APIs
                                    • PyObject_CallMethod.PYTHON27(?,cursor,011979D8), ref: 01192A10
                                    • PyObject_GetAttrString.PYTHON27(00000000,execute), ref: 01192A26
                                    • PyObject_CallObject.PYTHON27(00000000,?), ref: 01192A39
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Object_$Call$AttrMethodObjectString
                                    • String ID: cursor$execute
                                    • API String ID: 4200570768-3370590361
                                    • Opcode ID: 6e483bd4fd078615835ffbe51376ed74b2a3a2dc3f2d0e8a723a347269e6a0e8
                                    • Instruction ID: 3c72fe05d1ecc0aeda3127b3467dee4142df9cf009ac073a1cbc7ae198850581
                                    • Opcode Fuzzy Hash: 6e483bd4fd078615835ffbe51376ed74b2a3a2dc3f2d0e8a723a347269e6a0e8
                                    • Instruction Fuzzy Hash: BBF0C237214611AFDB3E4F1EEC0895A7BE5EFC9A31315002EF83086696DB39C5028B84
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,OOO,?,?,?), ref: 01192E84
                                    • PyObject_CallMethod.PYTHON27(?,rollback,011979D8), ref: 01192EBC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_CallMethodObject_ParseTuple
                                    • String ID: OOO$commit$rollback
                                    • API String ID: 3002588315-1096579726
                                    • Opcode ID: 54cb05bf613358ad01edc079fd46d7b691062b9db63ecb14dbe11d8fadedbefe
                                    • Instruction ID: f2d4104b7a5daf1348862b429a472309281111b15b5ff214f4f029dfc41e9501
                                    • Opcode Fuzzy Hash: 54cb05bf613358ad01edc079fd46d7b691062b9db63ecb14dbe11d8fadedbefe
                                    • Instruction Fuzzy Hash: 14016275A10108FFCF2ECB5CE98599A77B9EF04205B0440B2F835E6192E730DA80CF94
                                    APIs
                                    • PyObject_CallMethod.PYTHON27(?,cursor,011979D8), ref: 01192A79
                                    • PyObject_GetAttrString.PYTHON27(00000000,executemany), ref: 01192A8F
                                    • PyObject_CallObject.PYTHON27(00000000,?), ref: 01192AA2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Object_$Call$AttrMethodObjectString
                                    • String ID: cursor$executemany
                                    • API String ID: 4200570768-255793411
                                    • Opcode ID: fd00f0dbb96515f1f0cba666e65a2a39a5583e93d28f6e0a123c365a8dc691bb
                                    • Instruction ID: ad19bcd4667d8a140d9718d8394619ed2a484eaaac4db48a0ba60614e1bbb4f8
                                    • Opcode Fuzzy Hash: fd00f0dbb96515f1f0cba666e65a2a39a5583e93d28f6e0a123c365a8dc691bb
                                    • Instruction Fuzzy Hash: 75F02233614211AFDB3E8E1CF80895E3BA2EF85630319042EF83097689EB35C802CBD4
                                    APIs
                                    • PyObject_CallMethod.PYTHON27(?,cursor,011979D8), ref: 01192AE2
                                    • PyObject_GetAttrString.PYTHON27(00000000,executescript), ref: 01192AF8
                                    • PyObject_CallObject.PYTHON27(00000000,?), ref: 01192B0B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Object_$Call$AttrMethodObjectString
                                    • String ID: cursor$executescript
                                    • API String ID: 4200570768-859656652
                                    • Opcode ID: b2f828264703de5288d54c19590c8dcedd9c85d16ab1024ee59fc8a999ba3f8f
                                    • Instruction ID: 3879f31d60260a810b425b657b06d2856b6dcc18aa91e38c21408114cb50cbe0
                                    • Opcode Fuzzy Hash: b2f828264703de5288d54c19590c8dcedd9c85d16ab1024ee59fc8a999ba3f8f
                                    • Instruction Fuzzy Hash: C3F0A937215611AF9B2E0E1DE808D6A7BE5EF85631324042AF83287286EB31C8029B84
                                    APIs
                                    • sqlite3_overload_function.SQLITE3(00000000,MATCH,00000002), ref: 02DB560F
                                      • Part of subcall function 02DC8D99: sqlite3_mutex_enter.SQLITE3(?), ref: 02DC8DAF
                                      • Part of subcall function 02DC8D99: sqlite3_mutex_leave.SQLITE3(?,00000000), ref: 02DC8DF2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leavesqlite3_overload_function
                                    • String ID: MATCH$sqlite_rename_parent$sqlite_rename_table$sqlite_rename_trigger
                                    • API String ID: 559725938-2772095333
                                    • Opcode ID: 6044ccdd07c66abcb5fb6c842c15baad32db31e7ba47e3294c9c1205bfa65d0b
                                    • Instruction ID: 2bdd4d7bd6b143046ec70c0b9e9000da9dca5a762d8976cee1525f59ab5213fe
                                    • Opcode Fuzzy Hash: 6044ccdd07c66abcb5fb6c842c15baad32db31e7ba47e3294c9c1205bfa65d0b
                                    • Instruction Fuzzy Hash: 9EF0F8F0BC1B5939F93229206CD3FAB124ECB11B89F908019B242793C1A5C65E4881B6
                                    APIs
                                    • PyOS_snprintf.PYTHON27(?,00000800,_ssl.c:%d: %s,?,00000000,00000000,00000000), ref: 03FD130A
                                    • Py_BuildValue.PYTHON27((is),00000000,?), ref: 03FD1320
                                    • PyErr_SetObject.PYTHON27(036AAE28,00000000), ref: 03FD1336
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: BuildErr_ObjectS_snprintfValue
                                    • String ID: (is)$_ssl.c:%d: %s
                                    • API String ID: 2553083448-2533907726
                                    • Opcode ID: 37614d9b1cd61b74aa1602c8eac8c025030d759925cf57e7a7640ec5910b8fe5
                                    • Instruction ID: dafc8c132d35684124bd43f42d43315feba55f9f2cd22a219801b5a0c37ea353
                                    • Opcode Fuzzy Hash: 37614d9b1cd61b74aa1602c8eac8c025030d759925cf57e7a7640ec5910b8fe5
                                    • Instruction Fuzzy Hash: CAF0F4759022116BD220FBB0DC09EEF76A8FF44711F184228F99486184DE29A9068BE2
                                    APIs
                                    • PyErr_Format.PYTHON27(?,RAND_egd() expected string, found %s,?), ref: 03FD0FE0
                                    • PyErr_SetString.PYTHON27(036AAE28,EGD connection failed or EGD did not return enough data to seed the PRNG), ref: 03FD1006
                                    Strings
                                    • RAND_egd() expected string, found %s, xrefs: 03FD0FDA
                                    • EGD connection failed or EGD did not return enough data to seed the PRNG, xrefs: 03FD1000
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$FormatString
                                    • String ID: EGD connection failed or EGD did not return enough data to seed the PRNG$RAND_egd() expected string, found %s
                                    • API String ID: 4212644371-2904210411
                                    • Opcode ID: 427a0424faaa55aec48e1f5117ec3b0e4522ab9728398ec4c0ee990cfd1c8dbc
                                    • Instruction ID: 645a695bca4c84986c20b27c34249112eb84f865949bd485ff8f075c76f56e0e
                                    • Opcode Fuzzy Hash: 427a0424faaa55aec48e1f5117ec3b0e4522ab9728398ec4c0ee990cfd1c8dbc
                                    • Instruction Fuzzy Hash: 1FF02EB8E012015FC610FB38FC5DD197325FF40219F588158FD05C7265C736D424D652
                                    APIs
                                    Strings
                                    • .\crypto\ui\ui_openssl.c, xrefs: 03FAB879
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __iob_funcfclose
                                    • String ID: .\crypto\ui\ui_openssl.c
                                    • API String ID: 1178790673-499793520
                                    • Opcode ID: 504b13062bfb8d1f7ddb672defde19f09942f5a96c68007f6c2f8481295fa309
                                    • Instruction ID: b04f2fd6f28727aa118e962f3ea2dcb14f6fec8ba304156a6e72df28e0a87479
                                    • Opcode Fuzzy Hash: 504b13062bfb8d1f7ddb672defde19f09942f5a96c68007f6c2f8481295fa309
                                    • Instruction Fuzzy Hash: 41E04FE8F9038656EE18E6785D29F6D32054711A48F48047CE646FE282E85AE8808222
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\ssl\s3_clnt.c$p
                                    • API String ID: 0-732194162
                                    • Opcode ID: 4cf392d44fc4df884a070c356bfb74abf34ac61b685d6b2e6d69c7aee2eccd82
                                    • Instruction ID: 19296a23a2efb8745e1768902e488b7cbebe80c9bcc5267917b301937bca8bab
                                    • Opcode Fuzzy Hash: 4cf392d44fc4df884a070c356bfb74abf34ac61b685d6b2e6d69c7aee2eccd82
                                    • Instruction Fuzzy Hash: 88E119F5740305AFE610EF65CC41FABB6A9AF54708F48442DF9569F282D6A1F90087A3
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?), ref: 02D9FFF5
                                      • Part of subcall function 02D99F9A: sqlite3_mutex_try.SQLITE3(?,02D9C322,?,?,?,?,00000000,02DA21D6,?,?,?,02DA1C88,?,00000000,?,02DA0AB7), ref: 02D99FAF
                                    • sqlite3_mutex_enter.SQLITE3(?), ref: 02DA000C
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02DA0313
                                    • sqlite3_mutex_leave.SQLITE3(000000FF), ref: 02DA03B3
                                    • sqlite3_mutex_leave.SQLITE3(000000FF), ref: 02DA03C7
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$Unothrow_t@std@@@__ehfuncinfo$??2@sqlite3_mutex_try
                                    • String ID:
                                    • API String ID: 763189402-0
                                    • Opcode ID: 00dfd68c9164e7581da59706f7ba8f85b29375151f75d866cc8e18061c1c4d1a
                                    • Instruction ID: 307908b829f95f7dd129f634f35233ac799c344c8615939448b840822f7be6e0
                                    • Opcode Fuzzy Hash: 00dfd68c9164e7581da59706f7ba8f85b29375151f75d866cc8e18061c1c4d1a
                                    • Instruction Fuzzy Hash: 7DD138716087019FDB15DF18D891B6AB7E2EF88321F258859F8989B351DB30EC45CFA2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $.\ssl\s3_clnt.c$/$F
                                    • API String ID: 0-812271896
                                    • Opcode ID: f684a632afc9c3f59459c1b9bfbc29b8dc04fced3ff22a1dc29711da95766456
                                    • Instruction ID: 70905583a501b72cc3856583c843c6a6ff82e62dd317316dad61f2fe75d2d6fc
                                    • Opcode Fuzzy Hash: f684a632afc9c3f59459c1b9bfbc29b8dc04fced3ff22a1dc29711da95766456
                                    • Instruction Fuzzy Hash: 95D115F1A40301ABEB20DB16DC81FAB77B9AB41714F5844A9F95A6F283D372E904C761
                                    APIs
                                    • memcpy.MSVCR90(?,?,00000000), ref: 03FC7CAC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memcpy
                                    • String ID: .\ssl\t1_enc.c$IV block$client write key$server write key
                                    • API String ID: 3510742995-2198003478
                                    • Opcode ID: 3dfc7d95e930e2a10559313744e4dc4c6e01ad5e3f4687e765132438c195ab26
                                    • Instruction ID: b96253508208030956abc1840307a59d299ee875435727fa742e0f4ebed898da
                                    • Opcode Fuzzy Hash: 3dfc7d95e930e2a10559313744e4dc4c6e01ad5e3f4687e765132438c195ab26
                                    • Instruction Fuzzy Hash: 12E1BF75A543869FD724DF14C981BAAB3E4BF88304F04892DF9499B391DB70E948CF92
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memset
                                    • String ID: .\crypto\pkcs12\p12_key.c
                                    • API String ID: 2221118986-3219245189
                                    • Opcode ID: 94def0d40f81f9b0f4b4a6f7e8adc3cfb187f6c5dabf9d8536bbb1e23632291b
                                    • Instruction ID: 6a671506332f0c17096244a0309e090dcc392a2369f5e0dd31ebdc68e74cceae
                                    • Opcode Fuzzy Hash: 94def0d40f81f9b0f4b4a6f7e8adc3cfb187f6c5dabf9d8536bbb1e23632291b
                                    • Instruction Fuzzy Hash: FBA192B9628341ABE710EB68CC84F6FB7E9AFC4744F04091EF5858B251D675E908C7A2
                                    APIs
                                    • memcpy.MSVCR90(?,?,00000000,?), ref: 03F80D13
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memcpy
                                    • String ID: .\crypto\evp\p5_crpt.c$EVP_CIPHER_iv_length(cipher) <= 16$EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)
                                    APIs
                                    • memcpy.MSVCR90(00000011,00000000,00000010,?,?,?,03F872F0,00000001,00000001,?,00000001,00000000,00000000,03F794B9,?,00000000), ref: 03F7C815
                                    • memcpy.MSVCR90(00000021,00000011,00000010,?,?,?,03F872F0,00000001,00000001,?,00000001,00000000,00000000,03F794B9,?,00000000), ref: 03F7C82B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: memcpy
                                    • String ID: .\crypto\evp\enc_min.c$EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->iv)$ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 || ctx->cipher->block_size == 16
                                    APIs
                                    • sqlite3_value_text.SQLITE3 ref: 02DB500C
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB5022
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB5051
                                    • sqlite3_free.SQLITE3(00000000), ref: 02DB51C0
                                    • sqlite3_result_text.SQLITE3(?,?,?,000000FF), ref: 02DB51D3
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_value_text$sqlite3_freesqlite3_result_textsqlite3_value_bytes
                                    • String ID:
                                    APIs
                                    • strncmp.MSVCR90 ref: 03FCE804
                                    • memcpy.MSVCR90(00000000,?), ref: 03FCE88C
                                    • memcpy.MSVCR90(00000000,?,?,00000000,?), ref: 03FCE8A1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: memcpy$strncmp
                                    • String ID: .\crypto\x509\by_dir.c
                                    Strings
                                    • bl <= (int)sizeof(ctx->buf), xrefs: 03F87374
                                    • .\crypto\evp\evp_enc.c, xrefs: 03F8737E
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: .\crypto\evp\evp_enc.c$bl <= (int)sizeof(ctx->buf)
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: memcpymemset
                                    • String ID: .\crypto\hmac\hmac.c$j <= (int)sizeof(ctx->key)$len>=0 && len<=(int)sizeof(ctx->key)
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: strncmp
                                    • String ID: .\crypto\x509v3\v3_ncons.c$excluded$permitted
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: strchr
                                    • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                    APIs
                                    • sqlite3_realloc.SQLITE3(?,?), ref: 02DBF3F3
                                    • sqlite3_mprintf.SQLITE3(02DDA2A8,?), ref: 02DBF41B
                                    • sqlite3_free.SQLITE3(?), ref: 02DBF46A
                                    • sqlite3_mprintf.SQLITE3(?), ref: 02DBF476
                                    • sqlite3_malloc.SQLITE3(00000001), ref: 02DBF492
                                      • Part of subcall function 02D92AE5: sqlite3_initialize.SQLITE3 ref: 02D92AEB
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mprintf$sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
                                    • String ID:
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: memset
                                    • String ID: .\crypto\buffer\buffer.c$VUUU
                                    APIs
                                      • Part of subcall function 03FAB950: signal.MSVCR90 ref: 03FAB957
                                      • Part of subcall function 03FAB950: signal.MSVCR90 ref: 03FAB968
                                      • Part of subcall function 03FAB950: signal.MSVCR90 ref: 03FAB979
                                      • Part of subcall function 03FAB950: signal.MSVCR90 ref: 03FAB98A
                                      • Part of subcall function 03FAB950: signal.MSVCR90 ref: 03FAB99B
                                      • Part of subcall function 03FAB950: signal.MSVCR90 ref: 03FAB9AC
                                    • fgets.MSVCR90 ref: 03FABA31
                                    • feof.MSVCR90 ref: 03FABA44
                                    • ferror.MSVCR90 ref: 03FABA56
                                    • strchr.MSVCR90 ref: 03FABA69
                                    • fprintf.MSVCR90 ref: 03FABAD3
                                      • Part of subcall function 03FAB900: _getch.MSVCR90 ref: 03FAB911
                                      • Part of subcall function 03FAB900: GetStdHandle.KERNEL32(000000F6), ref: 03FAB931
                                      • Part of subcall function 03FAB900: FlushConsoleInputBuffer.KERNEL32(00000000), ref: 03FAB938
                                      • Part of subcall function 03FAB780: fgets.MSVCR90 ref: 03FAB79D
                                      • Part of subcall function 03FAB780: strchr.MSVCR90 ref: 03FAB7A9
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    Similarity
                                    • API ID: signal$fgetsstrchr$BufferConsoleFlushHandleInput_getchfeofferrorfprintf
                                    • String ID:
                                    APIs
                                    • sqlite3_mutex_leave.SQLITE3(00000000,?,00000000,00000000,?,02D96F72), ref: 02D96BE1
                                    • sqlite3_initialize.SQLITE3(?,00000000,00000000,?,02D96F72), ref: 02D96BF3
                                    • sqlite3_mutex_enter.SQLITE3(?,00000000,00000000,?,02D96F72), ref: 02D96C22
                                    • _memset.LIBCMT ref: 02D96C39
                                    • sqlite3_free.SQLITE3(?), ref: 02D96C89
                                      • Part of subcall function 02D92A8E: sqlite3_mutex_enter.SQLITE3(00000000,00000000,02DC834C,0000000A), ref: 02D92AAE
                                      • Part of subcall function 02D92A8E: sqlite3_mutex_leave.SQLITE3(02DC834C,02DC834C,00000000,02DC834C,0000000A), ref: 02D92AC4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$_memsetsqlite3_freesqlite3_initialize
                                    • String ID:
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?), ref: 02DA03EF
                                    • sqlite3_mutex_enter.SQLITE3(?), ref: 02DA040C
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02DA046C
                                    • sqlite3_free.SQLITE3(?), ref: 02DA0480
                                    • sqlite3_mutex_leave.SQLITE3(?), ref: 02DA0487
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                    • String ID:
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3 ref: 02D92B18
                                    • sqlite3_mutex_leave.SQLITE3 ref: 02D92B2D
                                    • sqlite3_mutex_enter.SQLITE3 ref: 02D92B42
                                    • sqlite3_mutex_leave.SQLITE3 ref: 02D92B74
                                    • sqlite3_mutex_leave.SQLITE3 ref: 02D92BBB
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter
                                    • String ID:
                                    APIs
                                    • sqlite3_aggregate_context.SQLITE3(?,0000001C), ref: 02DB54F6
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB5525
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB5530
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB5549
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB5553
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_context
                                    • String ID:
                                    APIs
                                    • __getptd.LIBCMT ref: 02DCF0EC
                                      • Part of subcall function 02DCD38C: __getptd_noexit.LIBCMT ref: 02DCD38F
                                      • Part of subcall function 02DCD38C: __amsg_exit.LIBCMT ref: 02DCD39C
                                    • __amsg_exit.LIBCMT ref: 02DCF10C
                                    • __lock.LIBCMT ref: 02DCF11C
                                    • InterlockedDecrement.KERNEL32(?), ref: 02DCF139
                                    • InterlockedIncrement.KERNEL32(04511710), ref: 02DCF164
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                    • String ID:
                                    • API String ID: 4271482742-0
                                    • Opcode ID: affa0e34745d6f19d3f5e5d75bf367575a90956ccab8385a2d488326b1fb4b99
                                    • Instruction ID: 9e1a7620e32be9c76c51c395b29597d4ed750c0e3fb7984688946de9d257505a
                                    • Opcode Fuzzy Hash: affa0e34745d6f19d3f5e5d75bf367575a90956ccab8385a2d488326b1fb4b99
                                    • Instruction Fuzzy Hash: D5011B32D42B13EBDA21AF64E80579E77A2EB00715F24455EE804A7780C778AD51CFE1
                                    APIs
                                    • sqlite3_prepare.SQLITE3(?,?,000000FF,?,00000000), ref: 02DC140F
                                    • sqlite3_column_text.SQLITE3(?,00000000), ref: 02DC1423
                                    • sqlite3_step.SQLITE3(?), ref: 02DC143B
                                      • Part of subcall function 02DA3972: sqlite3_mutex_enter.SQLITE3(?), ref: 02DA3994
                                      • Part of subcall function 02DA3972: sqlite3_reset.SQLITE3(?), ref: 02DA39C3
                                      • Part of subcall function 02DA3972: sqlite3_value_text.SQLITE3(?), ref: 02DA39F0
                                      • Part of subcall function 02DA3972: sqlite3_mutex_leave.SQLITE3(?), ref: 02DA3A33
                                    • sqlite3_finalize.SQLITE3(?), ref: 02DC1447
                                    • sqlite3_finalize.SQLITE3(?), ref: 02DC1452
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_finalize$sqlite3_column_textsqlite3_mutex_entersqlite3_mutex_leavesqlite3_preparesqlite3_resetsqlite3_stepsqlite3_value_text
                                    • String ID:
                                    • API String ID: 2566761320-0
                                    • Opcode ID: 28b41451dfb36160668963ada62a69324e85bc1d69b2285b99a292dc5f96ed74
                                    • Instruction ID: a6d06a98ad377a28456ae3cd60a14f1a2aee64c436cfd47b781bed2fc5004ced
                                    • Opcode Fuzzy Hash: 28b41451dfb36160668963ada62a69324e85bc1d69b2285b99a292dc5f96ed74
                                    • Instruction Fuzzy Hash: 09F02432108135B6DE0222149C01FEF365FDF422A4F304068F819A7391FB70EE018AB5
                                    APIs
                                    • __lock.LIBCMT ref: 02DC9CD3
                                      • Part of subcall function 02DCAA3C: __mtinitlocknum.LIBCMT ref: 02DCAA52
                                      • Part of subcall function 02DCAA3C: __amsg_exit.LIBCMT ref: 02DCAA5E
                                      • Part of subcall function 02DCAA3C: EnterCriticalSection.KERNEL32(?,?,?,02DCFA96,00000004,02DDD7F0,0000000C,02DCD72B,?,?,00000000,00000000,00000000,?,02DCD33E,00000001), ref: 02DCAA66
                                    • ___sbh_find_block.LIBCMT ref: 02DC9CDE
                                    • ___sbh_free_block.LIBCMT ref: 02DC9CED
                                    • HeapFree.KERNEL32(00000000,?,02DDD540,0000000C,02DCAA1D,00000000,02DDD5E0,0000000C,02DCAA57,?,?,?,02DCFA96,00000004,02DDD7F0,0000000C), ref: 02DC9D1D
                                    • GetLastError.KERNEL32(?,02DCFA96,00000004,02DDD7F0,0000000C,02DCD72B,?,?,00000000,00000000,00000000,?,02DCD33E,00000001,00000214), ref: 02DC9D2E
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                    • String ID:
                                    • API String ID: 2714421763-0
                                    • Opcode ID: e3cc75b6d1b1d5b3e6cefc0b8495897ee50a4ee0b35d1f87a99c182bab4b147a
                                    • Instruction ID: 5273e5e5d7310047e21fee1b0b04b3752de4e87c3c325e56c9becdcb462298e2
                                    • Opcode Fuzzy Hash: e3cc75b6d1b1d5b3e6cefc0b8495897ee50a4ee0b35d1f87a99c182bab4b147a
                                    • Instruction Fuzzy Hash: 2B014F72945307EADF206FB0A819BAD3BA5EF00729F70051DE404A7380DB38DD40CEA5
                                    APIs
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB51EE
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB520B
                                    • sqlite3_load_extension.SQLITE3(?,00000000,00000000,?), ref: 02DB5220
                                    • sqlite3_result_error.SQLITE3(?,?,000000FF), ref: 02DB5232
                                    • sqlite3_free.SQLITE3(?,?,?,000000FF), ref: 02DB523A
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_value_text$sqlite3_freesqlite3_load_extensionsqlite3_result_error
                                    • String ID:
                                    • API String ID: 2887166659-0
                                    • Opcode ID: 0c0743c55c755cddfcb1d2c518baa55e97d912309b6789685c44bb049d0397a8
                                    • Instruction ID: 98465157b582ded4019062dc7124978c442344095adaa8474d77bb0e8323d2cc
                                    • Opcode Fuzzy Hash: 0c0743c55c755cddfcb1d2c518baa55e97d912309b6789685c44bb049d0397a8
                                    • Instruction Fuzzy Hash: 7BF08C72900208FBDF05AF68DC41CEE3B6AEF053A4F508469F915A6290EB31DE50DBA0
                                    APIs
                                    • PyInt_AsLong.PYTHON27(?), ref: 011827C5
                                    • PyErr_Occurred.PYTHON27 ref: 011827D5
                                    • PyEval_SaveThread.PYTHON27 ref: 011827E5
                                    • shutdown.WS2_32(?,00000000), ref: 011827F6
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 011827FF
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Err_Int_LongOccurredRestoreSaveshutdown
                                    • String ID:
                                    • API String ID: 3505531508-0
                                    • Opcode ID: 29f789457843741f7409bf82c72bfb9a3eb56d259fc1270041a512b19d851fea
                                    • Instruction ID: 3f9d7540c5450aed844086b3dea855be168e4c3a01cbf7a6b2d31ae61c9ea2ef
                                    • Opcode Fuzzy Hash: 29f789457843741f7409bf82c72bfb9a3eb56d259fc1270041a512b19d851fea
                                    • Instruction Fuzzy Hash: E4F0CD362046009F9B29AF6CF8C889F37A8EBD8275714C231F821C324BD730C882CB61
                                    APIs
                                    • _time64.MSVCR90 ref: 03FC5FC1
                                    • SetLastError.KERNEL32(00000000), ref: 03FC5FF7
                                    • SetLastError.KERNEL32(00000000), ref: 03FC6072
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast$_time64
                                    • String ID: .\ssl\s2_srvr.c
                                    • API String ID: 19956885-32889589
                                    • Opcode ID: 7c7b351d7d9a46906d7775ec10fd10572fa525f5a073bb551d45f39a5ae48521
                                    • Instruction ID: 345f5bdf0b17e6b018b06a55be61920cd32abb101305f1d40b15f191aca96ce3
                                    • Opcode Fuzzy Hash: 7c7b351d7d9a46906d7775ec10fd10572fa525f5a073bb551d45f39a5ae48521
                                    • Instruction Fuzzy Hash: C99111B29A57468BD730EF25CE44B5BB7A5AB81700F4C083DD54A8B782DB7AF005CB51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\crypto\rsa\rsa_sign.c$signature has problems, re-make with post SSLeay045
                                    • API String ID: 0-2026949621
                                    • Opcode ID: cc08d8252b74278cca4b9b5c85db47db650a7506926b315685dadffd475781ce
                                    • Instruction ID: 6927957e0ca1f9c83da7ffd6230cd9b6560764946fde42e83e7744ac5516e3f8
                                    • Opcode Fuzzy Hash: cc08d8252b74278cca4b9b5c85db47db650a7506926b315685dadffd475781ce
                                    • Instruction Fuzzy Hash: 68615B71F443026BEA20EB28DC81F7F77959B43604F0C445AFA8AAF381D666ED40C392
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __aulldvrm
                                    • String ID: $0123456789ABCDEF$0123456789abcdef
                                    • API String ID: 1302938615-30751140
                                    • Opcode ID: 6e407e6f10489dc8a418b37d151cd47f82c9fc6b9e98a3007e5493c967994ee2
                                    • Instruction ID: 18dd79c78e973081404055fb416d63b8e5b541498e099980e562a16347dac93e
                                    • Opcode Fuzzy Hash: 6e407e6f10489dc8a418b37d151cd47f82c9fc6b9e98a3007e5493c967994ee2
                                    • Instruction Fuzzy Hash: B581BDB5A083428FDB14CF28D95062FF7E5AFC9204F084A5DE9D5A7301D335E90ACB92
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\crypto\asn1\a_set.c
                                    • API String ID: 0-3596435737
                                    • Opcode ID: a835886d43f49564dda907effdfbf08905b64c702003f53dac0b0628d47f1683
                                    • Instruction ID: 8acbf301830f5060956e0837e6e2522f12cd457b99320fa995a0c5919099c1bf
                                    • Opcode Fuzzy Hash: a835886d43f49564dda907effdfbf08905b64c702003f53dac0b0628d47f1683
                                    • Instruction Fuzzy Hash: E051E0BAA443016BD710FB69EC81E6B77E9EFC6614F04082CF845DB302E675E90586A2
                                    APIs
                                    • sqlite3_snprintf.SQLITE3(?,00000000,CREATE TABLE ), ref: 02DB0FF7
                                    • sqlite3_snprintf.SQLITE3(00000000,?,00000000), ref: 02DB103D
                                    • sqlite3_snprintf.SQLITE3(00000000,?,02DDA2A8,02DDB75C), ref: 02DB10AF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_snprintf
                                    • String ID: CREATE TABLE
                                    • API String ID: 949980604-2216363946
                                    • Opcode ID: 41fe742af9c624f9473a48c1c359c59ab4ef2013111b3238f39c4fe2478af71b
                                    • Instruction ID: 161e81d736b4c72bac54796ea7f92dd5b3a2c2bd2142ef5df8bf531683295531
                                    • Opcode Fuzzy Hash: 41fe742af9c624f9473a48c1c359c59ab4ef2013111b3238f39c4fe2478af71b
                                    • Instruction Fuzzy Hash: C1513E71D00219EBCB51DF98C594AEFBBB9EF49319F144099E846A7345D730EE058FA0
                                    APIs
                                    • PyString_FromStringAndSize.PYTHON27(?,00000000), ref: 03FD1C0B
                                      • Part of subcall function 03FD12DC: PyOS_snprintf.PYTHON27(?,00000800,_ssl.c:%d: %s,?,00000000,00000000,00000000), ref: 03FD130A
                                      • Part of subcall function 03FD12DC: Py_BuildValue.PYTHON27((is),00000000,?), ref: 03FD1320
                                      • Part of subcall function 03FD12DC: PyErr_SetObject.PYTHON27(036AAE28,00000000), ref: 03FD1336
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: BuildErr_FromObjectS_snprintfSizeStringString_Value
                                    • String ID: strict
                                    • API String ID: 1529258720-2947452218
                                    • Opcode ID: d1f8e5840f0757558f6dd452c44b808c1497a840154eb7a36b5661df7aea9595
                                    • Instruction ID: 653d8c5ddd7162fe4c585aa80e1d406845a9e4d3875e46f0b3af1dff4f21948a
                                    • Opcode Fuzzy Hash: d1f8e5840f0757558f6dd452c44b808c1497a840154eb7a36b5661df7aea9595
                                    • Instruction Fuzzy Hash: 7A3106B6E003015BD310EBA4EC46BDB73E5AF90734F080668EAA9862C0F775D955C6D2
                                    APIs
                                    • sqlite3_strnicmp.SQLITE3(?,01288907,00000000), ref: 02DBB324
                                    Strings
                                    • @, xrefs: 02DBB361
                                    • RIGHT and FULL OUTER JOINs are not currently supported, xrefs: 02DBB383
                                    • unknown or unsupported join type: %T %T%s%T, xrefs: 02DBB3AD
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_strnicmp
                                    • String ID: @$RIGHT and FULL OUTER JOINs are not currently supported$unknown or unsupported join type: %T %T%s%T
                                    • API String ID: 1961171630-141217959
                                    • Opcode ID: 21ecc4b1006666d4a62f13fb34fd90f82e7cfc8bf1fa929b7ccd4701edc75b81
                                    • Instruction ID: 6da4c02094e08a7d850e7c1eb2806e001a51af4d9b9c62c8e245205accd7f5e0
                                    • Opcode Fuzzy Hash: 21ecc4b1006666d4a62f13fb34fd90f82e7cfc8bf1fa929b7ccd4701edc75b81
                                    • Instruction Fuzzy Hash: 3A316B71E00609EFDF11CE98C8557EEBBB5EF04219F15405AEC92A7351D330AE51DBA1
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: getenv
                                    • String ID: ENV$default
                                    • API String ID: 498649692-1320007843
                                    • Opcode ID: 2cbc201bdf502601159821c159f304d6ad907c20fa96960d1a1656fda844ef54
                                    • Instruction ID: d23facbce30549e58d6afca0a18385886d5bc500d6b459fc9247ad312f7371e7
                                    • Opcode Fuzzy Hash: 2cbc201bdf502601159821c159f304d6ad907c20fa96960d1a1656fda844ef54
                                    • Instruction Fuzzy Hash: A221C976E042024BD714EF28AC91AFBB7DAAED1514F4D4569EC44CB211E352D50DC392
                                    APIs
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DAE3F1
                                    • sqlite3_value_text.SQLITE3(?,?), ref: 02DAE3FB
                                    • sqlite3_result_text.SQLITE3(?,00000000,000000FF,Function_00002D0C,%.*s"%w"%s,?,00000000,?,?), ref: 02DAE48B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_value_text$sqlite3_result_text
                                    • String ID: %.*s"%w"%s
                                    • API String ID: 380805339-442545016
                                    • Opcode ID: b46f497188eb548cabc822411576844211a51b824b6034fe0c1e08a3561ea187
                                    • Instruction ID: 2ebc0cdbae7582a54ebe569a82e51cc6ba60061e28c52c2798f75a7f23079650
                                    • Opcode Fuzzy Hash: b46f497188eb548cabc822411576844211a51b824b6034fe0c1e08a3561ea187
                                    • Instruction Fuzzy Hash: D6118171A00249ABDF249F98CCA4EAE77BAEF44314F2441B9E911A3390D7B0DE41CB91
                                    APIs
                                      • Part of subcall function 01184942: PyErr_SetString.PYTHON27(036A9748,getsockaddrarg: bad family,?,?,?,?,?,?,?), ref: 01184975
                                    • PyEval_SaveThread.PYTHON27 ref: 011854EF
                                      • Part of subcall function 0118289E: connect.WS2_32(?,?,?), ref: 011828C4
                                      • Part of subcall function 0118289E: WSAGetLastError.WS2_32 ref: 011828EE
                                      • Part of subcall function 0118289E: select.WS2_32 ref: 01182953
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,?,?,?), ref: 0118550F
                                    • PyErr_SetString.PYTHON27(036A9930,timed out), ref: 0118552A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_Eval_StringThread$ErrorLastRestoreSaveconnectselect
                                    • String ID: timed out
                                    • API String ID: 1768519725-3163636755
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(00000000,00000002,00000000,?,00000000,?,?,00000000,02DC9454,00000000,00000000,00000000), ref: 02DB8BB5
                                    • sqlite3_mutex_leave.SQLITE3(00000000,00000000,?,00000000,?,?,00000000,02DC9454,00000000,00000000,00000000), ref: 02DB8BD5
                                    • sqlite3_free.SQLITE3(00000000,00000000,?,00000000,?,?,00000000,02DC9454,00000000,00000000), ref: 02DB8C12
                                    Strings
                                    • automatic extension loading failed: %s, xrefs: 02DB8BFE
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                     • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                     • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                     • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                     • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_freesqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID: automatic extension loading failed: %s
                                    • API String ID: 2240884162-2218554779
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,011985C0,?,?), ref: 01194671
                                    • PyObject_CallMethod.PYTHON27(?,upper,011979D8), ref: 0119468C
                                    • PyDict_SetItem.PYTHON27(00000000,?), ref: 011946A5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                     • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_CallDict_ItemMethodObject_ParseTuple
                                    • String ID: upper
                                    • API String ID: 232699643-1851776924
                                    APIs
                                    • fread.MSVCR90 ref: 03F65BF1
                                    • ferror.MSVCR90 ref: 03F65BFC
                                    • GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000CA), ref: 03F65C12
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                     • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                     • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                     • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                     • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLastferrorfread
                                    • String ID: .\crypto\bio\bss_file.c
                                    • API String ID: 2845062543-2413717009
                                    APIs
                                    • PyFloat_AsDouble.PYTHON27(?), ref: 011835C2
                                    • PyErr_Occurred.PYTHON27 ref: 011835D8
                                    • PyErr_SetString.PYTHON27(?,Timeout value out of range), ref: 011835EF
                                    Strings
                                    • Timeout value out of range, xrefs: 011835E9
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                     • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$DoubleFloat_OccurredString
                                    • String ID: Timeout value out of range
                                    • API String ID: 2457379912-3018989670
                                    APIs
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                      • Part of subcall function 0119278E: PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                      • Part of subcall function 0119278E: PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                      • Part of subcall function 01191A6A: PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    • PyArg_ParseTuple.PYTHON27(?,01197BFC,?), ref: 011926D8
                                    • sqlite3_enable_load_extension.SQLITE3(?,?), ref: 011926EB
                                    • PyErr_SetString.PYTHON27(Error enabling load extension), ref: 01192701
                                    Strings
                                    • Error enabling load extension, xrefs: 011926F6
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                     • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$StringThread_get_thread_ident$Arg_FormatParseTuplesqlite3_enable_load_extension
                                    • String ID: Error enabling load extension
                                    • API String ID: 2864950024-1623653094
                                    APIs
                                    • GetModuleHandleA.KERNEL32(KERNEL32,02DD1AB4), ref: 02DD286A
                                    • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 02DD287A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                     • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                     • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                     • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                     • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: AddressHandleModuleProc
                                    • String ID: IsProcessorFeaturePresent$KERNEL32
                                    • API String ID: 1646373207-3105848591
                                    APIs
                                    • PyFloat_AsDouble.PYTHON27(?), ref: 0118223D
                                    • PyErr_Occurred.PYTHON27 ref: 01182253
                                    • PyErr_SetString.PYTHON27(?,Timeout value out of range), ref: 0118226A
                                    Strings
                                    • Timeout value out of range, xrefs: 01182264
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                     • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_$DoubleFloat_OccurredString
                                    • String ID: Timeout value out of range
                                    • API String ID: 2457379912-3018989670
                                    APIs
                                    • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,01197BFC,0119A3A4,?), ref: 01194597
                                    • sqlite3_enable_shared_cache.SQLITE3(?), ref: 011945AB
                                    • PyErr_SetString.PYTHON27(Changing the shared_cache flag failed), ref: 011945C0
                                    Strings
                                    • Changing the shared_cache flag failed, xrefs: 011945B5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                     • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_Err_KeywordsParseStringTuplesqlite3_enable_shared_cache
                                    • String ID: Changing the shared_cache flag failed
                                    • API String ID: 33175350-3866037843
                                    APIs
                                    • PyErr_SetString.PYTHON27(Recursive use of cursors not allowed.,01193762), ref: 011936F3
                                    Strings
                                    • Base Cursor.__init__ not called., xrefs: 011936E8
                                    • Cannot operate on a closed cursor., xrefs: 01193704
                                    • Recursive use of cursors not allowed., xrefs: 01193711
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                     • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_String
                                    • String ID: Base Cursor.__init__ not called.$Cannot operate on a closed cursor.$Recursive use of cursors not allowed.
                                    • API String ID: 1450464846-2979244948
                                    APIs
                                    • Py_BuildValue.PYTHON27((is),00000000,getaddrinfo failed,?,011843FB,00000000), ref: 01182D7F
                                    • PyErr_SetObject.PYTHON27(036AB5C8,00000000), ref: 01182D96
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                     • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: BuildErr_ObjectValue
                                    • String ID: (is)$getaddrinfo failed
                                    • API String ID: 893777110-582941868
                                    APIs
                                    • Py_BuildValue.PYTHON27((is),00000000,host not found,?,01184685,00000000), ref: 01182DC4
                                    • PyErr_SetObject.PYTHON27(036A8BD8,00000000,?,?,00000000), ref: 01182DDB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                     • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                     • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: BuildErr_ObjectValue
                                    • String ID: (is)$host not found
                                    • API String ID: 893777110-3306034047
                                    APIs
                                    • PyThread_get_thread_ident.PYTHON27(?,01191B53,011915A1,?,?,011915A1,?,?), ref: 0119279B
                                    • PyThread_get_thread_ident.PYTHON27(?,011915A1,?,?), ref: 011927A2
                                    • PyErr_Format.PYTHON27(SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld,?,00000000,?,011915A1,?,?), ref: 011927B3
                                    Strings
                                    • SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld, xrefs: 011927A8
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                     • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                     • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Thread_get_thread_ident$Err_Format
                                    • String ID: SQLite objects created in a thread can only be used in that same thread.The object was created in thread id %ld and this is thread id %ld
                                    • API String ID: 717450659-3588016856
                                    APIs
                                    • sqlite3_mprintf.SQLITE3(unable to use function %s in the requested context,?), ref: 02DA3A64
                                    • sqlite3_result_error.SQLITE3(?,00000000,000000FF,unable to use function %s in the requested context,?), ref: 02DA3A6F
                                    • sqlite3_free.SQLITE3(00000000,?,00000000,000000FF,unable to use function %s in the requested context,?), ref: 02DA3A75
                                      • Part of subcall function 02D92CBC: sqlite3_mutex_enter.SQLITE3(00000000,02DC835C,00000000), ref: 02D92CD4
                                      • Part of subcall function 02D92CBC: sqlite3_mutex_leave.SQLITE3 ref: 02D92CF8
                                    Strings
                                    • unable to use function %s in the requested context, xrefs: 02DA3A5F
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                     • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                     • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                     • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                     • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_freesqlite3_mprintfsqlite3_mutex_entersqlite3_mutex_leavesqlite3_result_error
                                    • String ID: unable to use function %s in the requested context
                                    • API String ID: 642938240-47290733
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                     • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                     • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                     • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                     • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: strncmp
                                    • String ID: .\ssl\ssl_ciph.c$STRENGTH
                                    • API String ID: 1114863663-4120156686
                                    APIs
                                    • strncpy.MSVCR90 ref: 03F661AD
                                      • Part of subcall function 03F6D550: memset.MSVCR90 ref: 03F6D572
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memsetstrncpy
                                    • String ID: .\crypto\x509\x509_obj.c$NO X509_NAME
                                    • API String ID: 388311670-14672339
                                    • Opcode ID: 1fe6f925463afec0402fb7b5edc080cc8360c15c9a2f8d2f53da67b4079cae50
                                    • Instruction ID: 440053a0d6aacddc3d121ebba8fce0674fc67a1775ae8d73a7c16bed71b6a4e6
                                    • Opcode Fuzzy Hash: 1fe6f925463afec0402fb7b5edc080cc8360c15c9a2f8d2f53da67b4079cae50
                                    • Instruction Fuzzy Hash: E7A1CF75A083428FD720DF29C940B2BFBE5AFC5204F18496DE88ADB341E775E945CB92
                                    APIs
                                    • SetLastError.KERNEL32(00000000), ref: 03FC30BF
                                    • memcpy.MSVCR90(?,?,?), ref: 03FC3381
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLastmemcpy
                                    • String ID: .\ssl\s2_pkt.c$mac_size <= MAX_MAC_SIZE
                                    • API String ID: 2523627151-986645161
                                    • Opcode ID: 2d478aaa7e07d30a05e42b1d64cedf51e01be1234d63bc141782900c88847819
                                    • Instruction ID: 76a2986377faf0590efbfbf876bb77ef45dd73314f16e4a851fc9fa992bddde0
                                    • Opcode Fuzzy Hash: 2d478aaa7e07d30a05e42b1d64cedf51e01be1234d63bc141782900c88847819
                                    • Instruction Fuzzy Hash: 63B11979A507828FC724CF19CA81A6AB7E2BF44304F4C84AFE5864B751DB7AF845CB41
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\ssl\ssl_ciph.c$AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH$DEFAULT
                                    • API String ID: 0-1977527870
                                    • Opcode ID: 41c9bd2d3dc37fb466051954389619ef3b85a20b2a3e3a1b7e56e530e17644a7
                                    • Instruction ID: 94348befbc9fc2e30ef53f3485ea49a64f7662357c986927213c5657270e9215
                                    • Opcode Fuzzy Hash: 41c9bd2d3dc37fb466051954389619ef3b85a20b2a3e3a1b7e56e530e17644a7
                                    • Instruction Fuzzy Hash: 73515DFAE443025BD710FA66AD41EEB73E89BC4614F4C043DFD499B202F639E50987A2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\ssl\s2_clnt.c$0
                                    • API String ID: 0-2998554588
                                    • Opcode ID: 5b563ec423f965312f712ef1d60168ef98523585c25093ed84f82fce9eac4a20
                                    • Instruction ID: edd77833e9ffd691c41cca082725a51de9f50aa9087465b0767bfb289a0037ce
                                    • Opcode Fuzzy Hash: 5b563ec423f965312f712ef1d60168ef98523585c25093ed84f82fce9eac4a20
                                    • Instruction Fuzzy Hash: 69716775A94387ABE710DF299E81F5BB799FF80300F040A2DF9599B281D776F5048362
                                    APIs
                                    • memset.MSVCR90 ref: 03FC6501
                                    • memcpy.MSVCR90(?,?,?,?,?,00000000), ref: 03FC65EB
                                      • Part of subcall function 03F77C30: memchr.MSVCR90 ref: 03F77C68
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memchrmemcpymemset
                                    • String ID: .\ssl\s3_enc.c$A
                                    • API String ID: 3302792476-2546957612
                                    • Opcode ID: bd07499601aa2660fc94a6bf61dfc73e78bcc4e07ad7c3df5c1f86d261c5d593
                                    • Instruction ID: 3406908f1e7bf93230def3b9fbb7894bb53e2a444583a085d2916a79c74f82c8
                                    • Opcode Fuzzy Hash: bd07499601aa2660fc94a6bf61dfc73e78bcc4e07ad7c3df5c1f86d261c5d593
                                    • Instruction Fuzzy Hash: 1351B5BB6583447BD304EBA4CC81F9FB3A9EBD8704F444D1EF2518B141EAB4E54987A2
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: strchrstrncpy
                                    • String ID: .\crypto\x509v3\v3_info.c$value=
                                    • API String ID: 3824778938-1641153843
                                    • Opcode ID: 1dd3b35a49398a25d5db1dda05de16c7a7493702d19792863fe7193386002f02
                                    • Instruction ID: 803c110f468603a1d4c18f8cd24ebb01250af8b35913c2b3fdc8ff840b345aa4
                                    • Opcode Fuzzy Hash: 1dd3b35a49398a25d5db1dda05de16c7a7493702d19792863fe7193386002f02
                                    • Instruction Fuzzy Hash: 7D410079B443027BD620FB65AC46F6B72989F81B04F04442DFA49AF282EAA5D50487B7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\crypto\objects\obj_lib.c
                                    • API String ID: 0-1655395264
                                    • Opcode ID: 012a4e6505e7f7d9997ac26537548d62934ea93d4c7f564bac4f1985765cdb8f
                                    • Instruction ID: 29981e1a737ba420459713efbe6f579531bf4b73933416f0d6c3a628b48ecb73
                                    • Opcode Fuzzy Hash: 012a4e6505e7f7d9997ac26537548d62934ea93d4c7f564bac4f1985765cdb8f
                                    • Instruction Fuzzy Hash: 1C412BB6B4070A7FD220EFA4FC55E27B399EF90614F08893AF9598B241E761E5188790
                                    APIs
                                    • SetLastError.KERNEL32(00000000), ref: 03FC2C55
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast
                                    • String ID: .\ssl\s2_pkt.c
                                    • API String ID: 1452528299-1452743386
                                    • Opcode ID: a648ec1fb37e0a9337ec2f025ab9b2946ccd843259a15d4815138cfbad23df50
                                    • Instruction ID: 63c7a45a84543d41d451c52605e8748a52c79736da07072dc8339f6b58cfa8d9
                                    • Opcode Fuzzy Hash: a648ec1fb37e0a9337ec2f025ab9b2946ccd843259a15d4815138cfbad23df50
                                    • Instruction Fuzzy Hash: F0519171A547429FDB24CF29DA80A66F3E5FF84328F054A6ED44687B41D7B1E844CB41
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\crypto\evp\evp_enc.c$b <= sizeof ctx->final
                                    • API String ID: 0-1455458990
                                    • Opcode ID: e0fa7d8274d607d920d1abcdf8b4e4fb00ed0a48e9af4d2d888a34aa74748004
                                    • Instruction ID: 9ff56b3d8f7e3df39b1d0316a7eeb02889c94e62b38d9850b527a91e4ac60611
                                    • Opcode Fuzzy Hash: e0fa7d8274d607d920d1abcdf8b4e4fb00ed0a48e9af4d2d888a34aa74748004
                                    • Instruction Fuzzy Hash: 2821B4B2A063019FD714FF49DC80B6BB3E8EF95718F18046DF8854A240D7B5F9488BA2
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2f9c527b41ac3ace22fff5f8f6ec3eff42621e9d1f0e3b67f117e392b56757f7
                                    • Instruction ID: 304dc3775e82de71c81147457f1acd63740d674f1a821870ebaef06f5edef9d6
                                    • Opcode Fuzzy Hash: 2f9c527b41ac3ace22fff5f8f6ec3eff42621e9d1f0e3b67f117e392b56757f7
                                    • Instruction Fuzzy Hash: BC21B475E403028FE750EF79FE48A6773BAEB44362B080576ED45C7219E725E811CB62
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: isspace$strchr
                                    • String ID:
                                    • API String ID: 3097930973-0
                                    • Opcode ID: bc0f3ec3c58e58fbb1bf9db0d47a8500c0cf839085af6ab6f56ad72b49ec6ebc
                                    • Instruction ID: 713b999061ad2bccc181fda3de91432941cc9d387de8798405cc23c6a998d742
                                    • Opcode Fuzzy Hash: bc0f3ec3c58e58fbb1bf9db0d47a8500c0cf839085af6ab6f56ad72b49ec6ebc
                                    • Instruction Fuzzy Hash: F321677290834767EB29EB655C54777BB998F81341F0C0E78FC849B041E722F60AC7A1
                                    APIs
                                    • PyList_AsTuple.PYTHON27(00000000), ref: 03FD2322
                                    • PyList_Append.PYTHON27(00000000,00000000), ref: 03FD2344
                                    • PyList_New.PYTHON27(00000000), ref: 03FD236A
                                    • PyList_Append.PYTHON27(00000000,00000000), ref: 03FD23A4
                                    • PyList_AsTuple.PYTHON27(00000000), ref: 03FD2410
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: List_$AppendTuple
                                    • String ID:
                                    • API String ID: 3296478665-0
                                    • Opcode ID: a661b06f2b9bcfbb5efcd1985764b303131ea277fbe832e4de049449c3e4809f
                                    • Instruction ID: 33052403e23d9c9fd8473e807b8ee32aedfdae4dcf34b080bf2a473f369dcc7b
                                    • Opcode Fuzzy Hash: a661b06f2b9bcfbb5efcd1985764b303131ea277fbe832e4de049449c3e4809f
                                    • Instruction Fuzzy Hash: 782192B5C007076BC310EF64DC4891BB3A6BF81620F1D0A28F86557341EB35EA568BE2
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memset
                                    • String ID: .\crypto\buffer\buffer.c$VUUU
                                    • API String ID: 2221118986-3873286295
                                    • Opcode ID: c21178fe657585f977c0bc2feb6be83424e52e0dc434ab0852782716fe3296b3
                                    • Instruction ID: bfa978eb3fa7137354a42557d8f3abae3301a2b497d74e1a89cdff245f00cb93
                                    • Opcode Fuzzy Hash: c21178fe657585f977c0bc2feb6be83424e52e0dc434ab0852782716fe3296b3
                                    • Instruction Fuzzy Hash: 4711D6B6B453026BE710DE289C91B1AF399AB94614F18823EFD189B780E3B1FD148294
                                    APIs
                                    • sqlite3_aggregate_context.SQLITE3(?,00000020), ref: 02DB5258
                                    • sqlite3_value_numeric_type.SQLITE3(?,?,00000020), ref: 02DB5264
                                    • sqlite3_value_int64.SQLITE3(?), ref: 02DB528C
                                    • sqlite3_value_double.SQLITE3(?), ref: 02DB5300
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_aggregate_contextsqlite3_value_doublesqlite3_value_int64sqlite3_value_numeric_type
                                    • String ID:
                                    • API String ID: 2017922884-0
                                    • Opcode ID: aa8ef2eacdabf03b41dcc36dfd1239506e11e4d0d152ea6db59fa3e251af301f
                                    • Instruction ID: 7eaec5d9950213c6655600db5d9a9f6231ca8a861e9259534e17c5ae9883ff6f
                                    • Opcode Fuzzy Hash: aa8ef2eacdabf03b41dcc36dfd1239506e11e4d0d152ea6db59fa3e251af301f
                                    • Instruction Fuzzy Hash: 5621F272605B01CBC724DF19984069AFBE2EFC8324F684E6DE8D683352DB74E814DB91
                                    APIs
                                    • _memset.LIBCMT ref: 02D91D1F
                                    • sqlite3_value_text.SQLITE3(?), ref: 02D91D4B
                                    • sqlite3_value_double.SQLITE3(?), ref: 02D91D6C
                                    • sqlite3_value_text.SQLITE3(?), ref: 02D91D9A
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_value_text$_memsetsqlite3_value_double
                                    • String ID:
                                    • API String ID: 138650049-0
                                    • Opcode ID: 5208cd558a29fc67daa0bfd36d8ea035cda9b1f8d923fccde461c8dcdd901fe9
                                    • Instruction ID: 934b2b18f33f806329ac996c85db438b60bf852a209f2d0847fdc0635fb8d0dd
                                    • Opcode Fuzzy Hash: 5208cd558a29fc67daa0bfd36d8ea035cda9b1f8d923fccde461c8dcdd901fe9
                                    • Instruction Fuzzy Hash: 5E11C4317006079BDF24AE2DD810B6A37AAEF463A4F044429F88DCB340EB30DD41CB60
                                    APIs
                                      • Part of subcall function 01182C51: PyErr_SetString.PYTHON27(036A9748,getsockaddrlen: bad family,01185268,?,?), ref: 01182C72
                                    • memset.MSVCR90 ref: 0118535D
                                    • PyEval_SaveThread.PYTHON27 ref: 01185365
                                    • getpeername.WS2_32(?,?,?), ref: 0118537B
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 01185384
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Err_RestoreSaveStringgetpeernamememset
                                    • String ID:
                                    • API String ID: 1387529023-0
                                    • Opcode ID: 98c3e538d60899f0d44983667493c4cc4bcf90f10c8a64136e90a8190f394907
                                    • Instruction ID: abfd1b1cf986529b7c0f4d1903a5e9eded205910d4040ed5fa9212533b1ba15e
                                    • Opcode Fuzzy Hash: 98c3e538d60899f0d44983667493c4cc4bcf90f10c8a64136e90a8190f394907
                                    • Instruction Fuzzy Hash: 9501A5B76042046BC314EBA4FC859ABB3ACEBC4125F04866AFE5D87145FA31D918C7E2
                                    APIs
                                      • Part of subcall function 01182C51: PyErr_SetString.PYTHON27(036A9748,getsockaddrlen: bad family,01185268,?,?), ref: 01182C72
                                    • memset.MSVCR90 ref: 011853ED
                                    • PyEval_SaveThread.PYTHON27 ref: 011853F5
                                    • getsockname.WS2_32(?,?,?), ref: 0118540B
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 01185414
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Eval_Thread$Err_RestoreSaveStringgetsocknamememset
                                    • String ID:
                                    • API String ID: 772546412-0
                                    • Opcode ID: 2fe64a6928f68c9cf1aaa15be973b447141b17acfeb92127fefe80394bddded6
                                    • Instruction ID: 92ba78ef6c224f36684e1b741086d0bf797556fb3e2ce2440b9177f4d12b1f7c
                                    • Opcode Fuzzy Hash: 2fe64a6928f68c9cf1aaa15be973b447141b17acfeb92127fefe80394bddded6
                                    • Instruction Fuzzy Hash: 0201A9776042046BC314EAA4FC859AB73ACEBC4125F04866AFE5D87145FA31D918C7E2
                                    APIs
                                    • AreFileApisANSI.KERNEL32 ref: 02D9549A
                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 02D954B8
                                    • _malloc.LIBCMT ref: 02D954C2
                                      • Part of subcall function 02DC9D92: __FF_MSGBANNER.LIBCMT ref: 02DC9DB5
                                      • Part of subcall function 02DC9D92: __NMSG_WRITE.LIBCMT ref: 02DC9DBC
                                      • Part of subcall function 02DC9D92: RtlAllocateHeap.NTDLL(00000000,?,00000000,7622DF80,00000001,?,02D954C7,00000000), ref: 02DC9E09
                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 02D954D9
                                      • Part of subcall function 02DC9CB5: __lock.LIBCMT ref: 02DC9CD3
                                      • Part of subcall function 02DC9CB5: ___sbh_find_block.LIBCMT ref: 02DC9CDE
                                      • Part of subcall function 02DC9CB5: ___sbh_free_block.LIBCMT ref: 02DC9CED
                                      • Part of subcall function 02DC9CB5: HeapFree.KERNEL32(00000000,?,02DDD540,0000000C,02DCAA1D,00000000,02DDD5E0,0000000C,02DCAA57,?,?,?,02DCFA96,00000004,02DDD7F0,0000000C), ref: 02DC9D1D
                                      • Part of subcall function 02DC9CB5: GetLastError.KERNEL32(?,02DCFA96,00000004,02DDD7F0,0000000C,02DCD72B,?,?,00000000,00000000,00000000,?,02DCD33E,00000001,00000214), ref: 02DC9D2E
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?,02D9E64D), ref: 02D92BFD
                                    • sqlite3_mutex_leave.SQLITE3(?,02D9E64D), ref: 02D92C27
                                    • sqlite3_mutex_enter.SQLITE3 ref: 02D92C48
                                    • sqlite3_mutex_leave.SQLITE3 ref: 02D92C6D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                    • AreFileApisANSI.KERNEL32 ref: 02D95435
                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02D95455
                                    • _malloc.LIBCMT ref: 02D9545B
                                      • Part of subcall function 02DC9D92: __FF_MSGBANNER.LIBCMT ref: 02DC9DB5
                                      • Part of subcall function 02DC9D92: __NMSG_WRITE.LIBCMT ref: 02DC9DBC
                                      • Part of subcall function 02DC9D92: RtlAllocateHeap.NTDLL(00000000,?,00000000,7622DF80,00000001,?,02D954C7,00000000), ref: 02DC9E09
                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 02D95479
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                      • Part of subcall function 02D95339: GetVersionExA.KERNEL32(?), ref: 02D9535C
                                    • LockFileEx.KERNEL32(?,00000001,00000000,000001FE,00000000,?), ref: 02D95772
                                    • sqlite3_randomness.SQLITE3(00000004,?), ref: 02D95780
                                    • LockFile.KERNEL32(?,?,00000000,00000001,00000000), ref: 02D957B2
                                    • GetLastError.KERNEL32 ref: 02D957BE
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                      • Part of subcall function 01184942: PyErr_SetString.PYTHON27(036A9748,getsockaddrarg: bad family,?,?,?,?,?,?,?), ref: 01184975
                                    • PyEval_SaveThread.PYTHON27 ref: 0118547A
                                    • PyEval_RestoreThread.PYTHON27(00000000,?,?,?,?), ref: 0118549A
                                    • PyErr_CheckSignals.PYTHON27 ref: 011854A8
                                    • PyInt_FromLong.PYTHON27(00000000), ref: 011854B3
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    APIs
                                    • sqlite3_result_null.SQLITE3(?), ref: 02DB41C0
                                    • sqlite3_value_text.SQLITE3(?), ref: 02DB41CB
                                    • sqlite3_result_int.SQLITE3(?,00000000), ref: 02DB41F7
                                    • sqlite3_value_bytes.SQLITE3(?), ref: 02DB4200
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                    • sqlite3_initialize.SQLITE3 ref: 02DB8ADD
                                    • sqlite3_mutex_enter.SQLITE3(00000000,00000002), ref: 02DB8AF4
                                    • sqlite3_realloc.SQLITE3(00000000,00000000), ref: 02DB8B27
                                    • sqlite3_mutex_leave.SQLITE3(00000000), ref: 02DB8B4C
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    Similarity
                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                    APIs
                                    • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 02D9568D
                                    • GetLastError.KERNEL32 ref: 02D9569E
                                    • SetEndOfFile.KERNEL32(?), ref: 02D956B1
                                    • GetLastError.KERNEL32 ref: 02D956BB
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                    • PyEval_SaveThread.PYTHON27 ref: 01195542
                                    • sqlite3_finalize.SQLITE3(00000000), ref: 0119554D
                                    • PyEval_RestoreThread.PYTHON27(00000000,00000000), ref: 01195553
                                    • PyObject_ClearWeakRefs.PYTHON27(?), ref: 01195580
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    APIs
                                    • sqlite3_aggregate_context.SQLITE3(?,00000000), ref: 02DB556F
                                    • sqlite3_result_error_toobig.SQLITE3(?), ref: 02DB5581
                                    • sqlite3_result_error_nomem.SQLITE3(?), ref: 02DB558F
                                    • sqlite3_result_text.SQLITE3(?,00000000,000000FF,?), ref: 02DB55A8
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                    • __getptd.LIBCMT ref: 02DCF858
                                      • Part of subcall function 02DCD38C: __getptd_noexit.LIBCMT ref: 02DCD38F
                                      • Part of subcall function 02DCD38C: __amsg_exit.LIBCMT ref: 02DCD39C
                                    • __getptd.LIBCMT ref: 02DCF86F
                                    • __amsg_exit.LIBCMT ref: 02DCF87D
                                    • __lock.LIBCMT ref: 02DCF88D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                    • sqlite3_prepare.SQLITE3(?,00000000,000000FF,00000000,00000000), ref: 02DC13D0
                                    • sqlite3_errcode.SQLITE3(?), ref: 02DC13DF
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    APIs
                                    • PyEval_SaveThread.PYTHON27 ref: 01181018
                                    • gethostname.WS2_32(000003FF,000003FF), ref: 0118102A
                                    • PyEval_RestoreThread.PYTHON27(00000000), ref: 01181033
                                    • PyString_FromString.PYTHON27 ref: 01181052
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3 ref: 02D97186
                                    • sqlite3_mutex_leave.SQLITE3(00000000), ref: 02D971B3
                                    • sqlite3_free.SQLITE3(?,00000000), ref: 02D971BB
                                      • Part of subcall function 02D92CBC: sqlite3_mutex_enter.SQLITE3(00000000,02DC835C,00000000), ref: 02D92CD4
                                      • Part of subcall function 02D92CBC: sqlite3_mutex_leave.SQLITE3 ref: 02D92CF8
                                    • sqlite3_free.SQLITE3(?,?,00000000), ref: 02D971C1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_freesqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID:
                                    • API String ID: 2240884162-0
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(00000000,00000002), ref: 02DB8B6C
                                    • sqlite3_free.SQLITE3(00000000,00000002), ref: 02DB8B77
                                      • Part of subcall function 02D92CBC: sqlite3_mutex_enter.SQLITE3(00000000,02DC835C,00000000), ref: 02D92CD4
                                      • Part of subcall function 02D92CBC: sqlite3_mutex_leave.SQLITE3 ref: 02D92CF8
                                    • sqlite3_mutex_leave.SQLITE3(00000000,00000000,00000002), ref: 02DB8B8B
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                    • String ID:
                                    • API String ID: 251237202-0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 8$8
                                    • API String ID: 0-215168002
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _time64memcpy
                                    • String ID: .\ssl\s23_clnt.c
                                    • API String ID: 1622878224-2564810286
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _time64memcpy
                                    • String ID: .\ssl\ssl_sess.c
                                    • API String ID: 1622878224-1959455021
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast_time64
                                    • String ID: .\ssl\s2_clnt.c
                                    • API String ID: 16934928-1288958543
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: %s%c%08lx.%s%d$.\crypto\x509\by_dir.c
                                    • API String ID: 0-2081607520
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _time64memcpy
                                    • String ID: .\ssl\s3_clnt.c
                                    • API String ID: 1622878224-2155475665
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memcpyqsort
                                    • String ID: .\crypto\asn1\tasn_enc.c
                                    • API String ID: 1087769647-275914727
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast_time64
                                    • String ID: .\ssl\s23_clnt.c
                                    • API String ID: 16934928-2564810286
                                    APIs
                                    • __aulldvrm.LIBCMT ref: 03F6A90B
                                      • Part of subcall function 03F6A6A0: memcpy.MSVCR90(00000000,?,?,VC-WIN32,03F61272,00000000), ref: 03F6A6E3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __aulldvrmmemcpy
                                    • String ID: 0123456789ABCDEF$0123456789abcdef
                                    • API String ID: 2393173239-885041942
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _time64memcpy
                                    • String ID: .\ssl\s3_srvr.c
                                    • API String ID: 1622878224-3445611115
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: ErrorLast_time64
                                    • String ID: .\ssl\s23_srvr.c
                                    • API String ID: 16934928-3589918356
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: strtoul
                                    • String ID: .\crypto\asn1\asn1_gen.c$Char=
                                    • API String ID: 3805803174-708889550
                                    APIs
                                      • Part of subcall function 011936E2: PyErr_SetString.PYTHON27(Recursive use of cursors not allowed.,01193762), ref: 011936F3
                                    • PyErr_SetString.PYTHON27(Cursor needed to be reset because of commit/rollback and can no longer be fetched from.,?,00000000,011941B7,?), ref: 01194078
                                    Strings
                                    • Cursor needed to be reset because of commit/rollback and can no longer be fetched from., xrefs: 0119406D
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_String
                                    • String ID: Cursor needed to be reset because of commit/rollback and can no longer be fetched from.
                                    • API String ID: 1450464846-3353312815
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\crypto\dso\dso_win32.c$symname(
                                    • API String ID: 0-1441745606
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .\crypto\dso\dso_win32.c$symname(
                                    • API String ID: 0-1441745606
                                    APIs
                                    • sqlite3_exec.SQLITE3(00000000,00000000,02DAF33E,?,00000000,?,00000000,00000000,?,?,02DBAA3E), ref: 02DAF41A
                                    Strings
                                    • SELECT idx, stat FROM %Q.sqlite_stat1, xrefs: 02DAF3F6
                                    • sqlite_stat1, xrefs: 02DAF3DD
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_exec
                                    • String ID: SELECT idx, stat FROM %Q.sqlite_stat1$sqlite_stat1
                                    • API String ID: 2141490097-1024560077
                                    APIs
                                    • sqlite3_snprintf.SQLITE3(00000020,?,%!.15g,00000000,00000000,?,?,?,02DA1127,?,?,?,02DA35E5,00000001,?), ref: 02DA0770
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_snprintf
                                    • String ID: %!.15g$%lld
                                    • API String ID: 949980604-2983862324
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _time64memset
                                    • String ID: .\ssl\ssl_sess.c
                                    • API String ID: 899224009-1959455021
                                    APIs
                                      • Part of subcall function 02D91D12: _memset.LIBCMT ref: 02D91D1F
                                      • Part of subcall function 02D91D12: sqlite3_value_text.SQLITE3(?), ref: 02D91D9A
                                      • Part of subcall function 02D9161E: __allrem.LIBCMT ref: 02D91647
                                    • sqlite3_snprintf.SQLITE3(00000064,?,%04d-%02d-%02d %02d:%02d:%02d,?,?,?,?,?,00000000), ref: 02D91E67
                                    • sqlite3_result_text.SQLITE3(?,?,000000FF,000000FF), ref: 02D91E7B
                                    Strings
                                    • %04d-%02d-%02d %02d:%02d:%02d, xrefs: 02D91E5F
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __allrem_memsetsqlite3_result_textsqlite3_snprintfsqlite3_value_text
                                    • String ID: %04d-%02d-%02d %02d:%02d:%02d
                                    • API String ID: 1517120602-4146437471
                                    APIs
                                    • PyArg_ParseTupleAndKeywords.PYTHON27(00000000,?,O|diOiOi,0119A1C4,?,?,00000000,?,?,00000000,?), ref: 0119450D
                                    • PyObject_Call.PYTHON27(00000000,?,?), ref: 01194532
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_CallKeywordsObject_ParseTuple
                                    • String ID: O|diOiOi
                                    • API String ID: 3885799289-2129584117
                                    APIs
                                    • PyArg_ParseTuple.PYTHON27(?,O|i,?,?), ref: 0119105F
                                    • PyDict_New.PYTHON27 ref: 0119108A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Arg_Dict_ParseTuple
                                    • String ID: O|i
                                    • API String ID: 745972949-862190825
                                    APIs
                                      • Part of subcall function 02D91D12: _memset.LIBCMT ref: 02D91D1F
                                      • Part of subcall function 02D91D12: sqlite3_value_text.SQLITE3(?), ref: 02D91D9A
                                    • sqlite3_snprintf.SQLITE3(00000064,?,%04d-%02d-%02d,?,?,?), ref: 02D91F37
                                    • sqlite3_result_text.SQLITE3(?,?,000000FF,000000FF,00000064,?,%04d-%02d-%02d,?,?,?), ref: 02D91F48
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: _memsetsqlite3_result_textsqlite3_snprintfsqlite3_value_text
                                    • String ID: %04d-%02d-%02d
                                    • API String ID: 3990868262-516894531
                                    APIs
                                      • Part of subcall function 02D91D12: _memset.LIBCMT ref: 02D91D1F
                                      • Part of subcall function 02D91D12: sqlite3_value_text.SQLITE3(?), ref: 02D91D9A
                                      • Part of subcall function 02D9161E: __allrem.LIBCMT ref: 02D91647
                                    • sqlite3_snprintf.SQLITE3(00000064,?,%02d:%02d:%02d,?,?,00000000), ref: 02D91ED3
                                    • sqlite3_result_text.SQLITE3(?,?,000000FF,000000FF,00000064,?,%02d:%02d:%02d,?,?,00000000), ref: 02D91EE4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: __allrem_memsetsqlite3_result_textsqlite3_snprintfsqlite3_value_text
                                    • String ID: %02d:%02d:%02d
                                    • API String ID: 1517120602-3862977440
                                    APIs
                                    • sqlite3_mutex_enter.SQLITE3(?,00000000,?,?,02DBB01F), ref: 02DA4315
                                    • sqlite3_mutex_leave.SQLITE3(?,00000000), ref: 02DA4350
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                    • String ID: (
                                    • API String ID: 1477753154-3887548279
                                    APIs
                                    • sqlite3_strnicmp.SQLITE3(?,sqlite_,00000007), ref: 02DB0669
                                    Strings
                                    • sqlite_, xrefs: 02DB0660
                                    • object name reserved for internal use: %s, xrefs: 02DB0679
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4063317111.0000000002D91000.00000020.00000001.01000000.0000000E.sdmp, Offset: 02D90000, based on PE: true
                                    • Associated: 00000002.00000002.4063300508.0000000002D90000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063346715.0000000002DD5000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063363738.0000000002DE0000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 00000002.00000002.4063380035.0000000002DE3000.00000002.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_2d90000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: sqlite3_strnicmp
                                    • String ID: object name reserved for internal use: %s$sqlite_
                                    • API String ID: 1961171630-4055618681
                                    APIs
                                    • Py_BuildValue.PYTHON27((OO),01194644,0119A1E8,?,01194644,?,?), ref: 01194318
                                    • PyDict_SetItem.PYTHON27(00000000,?,?,?,?,?), ref: 01194338
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: BuildDict_ItemValue
                                    • String ID: (OO)
                                    • API String ID: 794051784-173496726
                                    APIs
                                    • PyObject_CallMethod.PYTHON27(?,upper,011979D8,?,011932CB,00000000), ref: 01193182
                                    • PyDict_GetItem.PYTHON27(00000000,00000000), ref: 0119319B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: CallDict_ItemMethodObject_
                                    • String ID: upper
                                    • API String ID: 3512522935-1851776924
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: getenvstrtoul
                                    • String ID: OPENSSL_ia32cap
                                    • API String ID: 873824288-399759565
                                    APIs
                                    • PyOS_snprintf.PYTHON27(?,00000200,<socket object, fd=%ld, family=%d, type=%d, protocol=%d>,?,?,?,?), ref: 01182782
                                    • PyString_FromString.PYTHON27(?), ref: 0118278D
                                    Strings
                                    • <socket object, fd=%ld, family=%d, type=%d, protocol=%d>, xrefs: 01182773
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062884010.0000000001181000.00000020.00000001.01000000.0000000B.sdmp, Offset: 01180000, based on PE: true
                                    • Associated: 00000002.00000002.4062866229.0000000001180000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062896873.0000000001186000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062908651.0000000001188000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 00000002.00000002.4062920290.000000000118B000.00000002.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1180000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: FromS_snprintfStringString_
                                    • String ID: <socket object, fd=%ld, family=%d, type=%d, protocol=%d>
                                    • API String ID: 2529899906-3987198574
                                    APIs
                                    • PyErr_SetString.PYTHON27(Cannot operate on a closed database.,01191B62,011915A1,?,?,011915A1,?,?), ref: 01191A7B
                                    Strings
                                    • Base Connection.__init__ not called., xrefs: 01191A70
                                    • Cannot operate on a closed database., xrefs: 01191A8C
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Err_String
                                    • String ID: Base Connection.__init__ not called.$Cannot operate on a closed database.
                                    • API String ID: 1450464846-2493460445
                                    • Opcode ID: e514d7d2f4f08a6a558c824f773ad25a666c827c51590b03e43d84bc2de771b4
                                    • Instruction ID: af189c6d725e24e757c2a7896f16e13bb11fbd4df267aa317ef70d73a1c36b20
                                    • Opcode Fuzzy Hash: e514d7d2f4f08a6a558c824f773ad25a666c827c51590b03e43d84bc2de771b4
                                    • Instruction Fuzzy Hash: 58D0A731529242FFDF2C4A20FC05B1136D1DF01332F0054F8E035900A6D77848C08A01
                                    APIs
                                    • PyDict_New.PYTHON27(01194AA6,00000000), ref: 011942E2
                                    • PyDict_SetItemString.PYTHON27(?,adapters,00000000), ref: 011942FF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Dict_$ItemString
                                    • String ID: adapters
                                    • API String ID: 1169755417-1118056056
                                    • Opcode ID: d25ce7ebf3d96005cf920f97e682a6a92e366efdc289108ebde0d5fed1bd449c
                                    • Instruction ID: addecbbbfc0264b742059b32960f5d80f2c3dc17d90d45fff37923dd59e35cbb
                                    • Opcode Fuzzy Hash: d25ce7ebf3d96005cf920f97e682a6a92e366efdc289108ebde0d5fed1bd449c
                                    • Instruction Fuzzy Hash: 83C012B84142015FCF294B29BC046193A54FF413657D44BB4F831C01D5E77080909B05
                                    APIs
                                    • PyDict_New.PYTHON27(01194AAC,00000000,00000000), ref: 011946FA
                                    • PyDict_SetItemString.PYTHON27(?,converters,00000000), ref: 01194713
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4062950240.0000000001191000.00000020.00000001.01000000.0000000D.sdmp, Offset: 01190000, based on PE: true
                                    • Associated: 00000002.00000002.4062935093.0000000001190000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062965689.0000000001197000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062979698.000000000119A000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 00000002.00000002.4062992977.000000000119C000.00000002.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_1190000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: Dict_$ItemString
                                    • String ID: converters
                                    • API String ID: 1169755417-3040274012
                                    • Opcode ID: f77ec87dc687a9a42dbd0d8e100b0f9f49a6f3d89f96bf98790b20235847c5f5
                                    • Instruction ID: c2037cfc3cb6e002a31f57d1de13fa0311acbd690cb0d71907faba767f426fbc
                                    • Opcode Fuzzy Hash: f77ec87dc687a9a42dbd0d8e100b0f9f49a6f3d89f96bf98790b20235847c5f5
                                    • Instruction Fuzzy Hash: 63C08C78418202AFEF2C0B24BC08A2A3F64FF412007844878F832C018DDB30C568CF01
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memcpy$memset
                                    • String ID:
                                    • API String ID: 438689982-0
                                    • Opcode ID: b411af8361a236215d4d48b2ecdcbcac1febc2146a0739d2836fdc936aaa7398
                                    • Instruction ID: ddf329b927ac9b45b8f2599d98f27455403e717ffe292a319aac1a83a4f81fb1
                                    • Opcode Fuzzy Hash: b411af8361a236215d4d48b2ecdcbcac1febc2146a0739d2836fdc936aaa7398
                                    • Instruction Fuzzy Hash: 6A21F5B65143066FD320DE99DC80A6BF3EDEF85600F04052EF94547300E7B5FD448A61
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memcpy$memset
                                    • String ID:
                                    • API String ID: 438689982-0
                                    • Opcode ID: 10856fbb92f422a3dec0ff46e2c2494185e68ceb445f4b1c4a127efcdefbb636
                                    • Instruction ID: adbb04f94c8f9b9b74a8c25f68828fbfd59428fc5e2ab6564430bdfb5c896013
                                    • Opcode Fuzzy Hash: 10856fbb92f422a3dec0ff46e2c2494185e68ceb445f4b1c4a127efcdefbb636
                                    • Instruction Fuzzy Hash: 8521F5B69107066FEB20DF59DC80A5BB3FDEF90210F05452EF8458B200E679FA048AA5
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memcpy$memset
                                    • String ID:
                                    • API String ID: 438689982-0
                                    • Opcode ID: 1524e76afdce7b78bc2b7423a769f2938edb5195038bb3c4e17c7f27510be5ac
                                    • Instruction ID: ba16c32b3cdea97b93ece6ced1e96204e8aa7da9b43472d34510ab5fcf5258dd
                                    • Opcode Fuzzy Hash: 1524e76afdce7b78bc2b7423a769f2938edb5195038bb3c4e17c7f27510be5ac
                                    • Instruction Fuzzy Hash: AB21F5B69047066FEB20DE5ADC80A5BB3FDEF90214F05452EF84647200E675FE058B65
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memcpy$memset
                                    • String ID:
                                    • API String ID: 438689982-0
                                    • Opcode ID: 5873a46902e530b336c5434a7fdac9c7f99a5cd3f52eb8bff85f25707a3487fa
                                    • Instruction ID: 0b72ba8ec7a6de7fdbd33b41e5b1abc1d37ab7f964e059cbf3f75388a78ee217
                                    • Opcode Fuzzy Hash: 5873a46902e530b336c5434a7fdac9c7f99a5cd3f52eb8bff85f25707a3487fa
                                    • Instruction Fuzzy Hash: 482104B6A007066FFB20DE59DC80A6BF3FDEF94224F04062EF94597640E771F94486A1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memcpy$memset
                                    • String ID:
                                    • API String ID: 438689982-0
                                    • Opcode ID: 3313f223e385a2ab1a3ce0fda4e3397934407b1b57e4c196ae76a51bde4e9bb8
                                    • Instruction ID: c1e29084a7dcbe33fa8ec6c6616565069e4fc49464210c8a9e4888da589fa351
                                    • Opcode Fuzzy Hash: 3313f223e385a2ab1a3ce0fda4e3397934407b1b57e4c196ae76a51bde4e9bb8
                                    • Instruction Fuzzy Hash: 1321F2BAA007066BD714EF59DDC0A5BB3EDEF89610F04092EF88A4B710E671F944C695
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.4064886329.0000000003F61000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03F60000, based on PE: true
                                    • Associated: 00000002.00000002.4064873837.0000000003F60000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064925590.0000000003FD3000.00000002.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064949099.0000000003FF9000.00000004.00000001.01000000.0000000C.sdmp
                                    • Associated: 00000002.00000002.4064966353.000000000400C000.00000002.00000001.01000000.0000000C.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_3f60000_zZ8OdFfZnb.jbxd
                                    Similarity
                                    • API ID: memcpy$memset
                                    • String ID:
                                    • API String ID: 438689982-0
                                    • Opcode ID: 4195370f6b426513d8df8ea3cdc56162b60578b095f86688d743ef03135e3eb1
                                    • Instruction ID: 7b8b7492378e6e6877a5f4c4606d0d2a96dc1fd8ab2361b931ee9f286cc1857d
                                    • Opcode Fuzzy Hash: 4195370f6b426513d8df8ea3cdc56162b60578b095f86688d743ef03135e3eb1
                                    • Instruction Fuzzy Hash: 1221E3B6A007066FD724EF5DDC80A5BB3EDEF94200F04492EF84547200E775FA058A65